I want to setup a git environment for my coworkers and me between the dev server and the prod server (and later between local machines and the dev server as well). Installed git on prod, init, everything is fine.
Now I want to git clone
the prod into the dev, to then be able to push validated features to prod. I tried to do so with
git clone ssh://[email protected]:1234/path/to/git/repos/
The issue is, that user is not a superuser and has no access to that path. So of course it fails. I can't connect in root because PermitRootLogin no
. So I thought of 2 possibilities :
PermitRootLogin no
to PermitRootLogin without-password
and use a ssh key to connect as root. I guess it would work.But I'm not sure whether it's the right way to go or if I have another option I didn't think of / found info about.
Thanks ahead !
Having application files on your production system that require root
access is not a good idea in the first place, and further opening up your root
account in the way you describe is an absolute no-no. A good (i.e., secure) approach is this:
myapp
and a user myappadm
./path/to/git/repos/
) should be chown
'ed to myappadm:myapp
.myappadm
but only readable by myapp
.myapp
.(Of course, if you already have a group like myapp
and only have root
instead of myappadm
then you can keep that group and just chown everything to myappadm
instead of root
.)
That done, you will clone from ssh://myappadm@...
and all will be fine. People who have access to myappadm
will no longer be able to take over the whole machine, and so on.