I installed gitosis on my Ubuntu 10.4 Server via
apt-get install gitosis
Then I initialized the admin repository with
sudo -H -u gitosis gitosis-init < nameOfThePublicKeyFile
After this I thought that it the admin repository is only clonable for clients that offer the private key that fits to the public key file of the repository. So just to be sure, I tested if it is possible to clone the repository without the private key or with a false private key. Unfortunately and surprisingly it worked. I tested this with tortois git on windows.
Therefore my question is: How can I secure my repositories, so that they can only be cloned if I provide the correct private key.
Did I skip an important step in the installation process or anything?
Thanks for any help!
I think I found the error and it has nothing to do with gitosis.
I found out that my tortoisgit client on windows somehow caches the correct private key file of a git connection if it cloned a repository succesfully once. Even if I provide a wrong keyfile afterwards.(I don't know where it saves it but I saw it in the config file that is created by tortoisgit when a repository is cloned.)
I tried to clone my repository with with another windows computer, just to be sure, that is is only a caching problem. And voila this other computer that never saw my private key file could not clone the repository.