I want to setup a git environment for my coworkers and me between the dev server and the prod server (and later between local machines and the dev server as well). Installed git on prod, init, everything is fine.
Now I want to git clone the prod into the dev, to then be able to push validated features to prod. I tried to do so with
git clone ssh://[email protected]:1234/path/to/git/repos/
The issue is, that user is not a superuser and has no access to that path. So of course it fails. I can't connect in root because PermitRootLogin no. So I thought of 2 possibilities :
PermitRootLogin no to PermitRootLogin without-password and use a ssh key to connect as root. I guess it would work.But I'm not sure whether it's the right way to go or if I have another option I didn't think of / found info about.
Thanks ahead !
Having application files on your production system that require root access is not a good idea in the first place, and further opening up your root account in the way you describe is an absolute no-no. A good (i.e., secure) approach is this:
myapp and a user myappadm./path/to/git/repos/) should be chown'ed to myappadm:myapp.myappadm but only readable by myapp.myapp.(Of course, if you already have a group like myapp and only have root instead of myappadm then you can keep that group and just chown everything to myappadm instead of root.)
That done, you will clone from ssh://myappadm@... and all will be fine. People who have access to myappadm will no longer be able to take over the whole machine, and so on.