
Linux - How to Configure SFTP server along with Local Git Repository

Currently I am configuring both SFTP and a local Git repository on the same server. There will be 2 types of groups: sftp-users & git-users. I have restricted sftp-users only to their home directories using ChrootDirectory %h. Now when I allow just sftp-users using SFTP (to download/view files), it doesn't allow git-users to log in through PuTTY or to clone projects on the client side.

So what is the best way to configure both types of groups on the same server, so that git-users are unable to view code repositories through FTP clients? Any suggestion will be highly appreciated!

I'd say you're doing this wrong with regard to Git.

Instead of implementing real system logins for SSH access (what you call "login through putty"), it's advised to create a single "virtual" user (typically called git) and have all Git users use that single user to log into the system using SSH — while at the same time having certain means to distinguish different users based on their SSH keys.

Such distinguishing is typically implemented using gitolite (usually that's just apt install gitolite).

The idea is that each distinct Git user has their own SSH key, and that virtual system user git on the server has something provided by gitolite set as its login shell. Each Git user logs in as git@server but uses their own SSH key for authentication. After logging the user in, the SSH server calls gitolite, and it uses its own mapping of users' keys to individual users, which are purely virtual in the sense they do not have accounts on the server.

This allows you to fully decouple Git hosting from SFTP hosting.

Another possible solution is to serve Git repositories via HTTP rather than SSH. You could then use any of the HTTP server's means of authenticating your users which, again, would allow decoupling of the databases of the Git users and SFTP users. (But they could use the same authentication backend, say, PAM, if needed — see this for one example.)


As an aside, your question is off-topic on SO; please use ServerFault for questions like yours (dedicated to software configuration / administration problems).
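
An added example, not part of the original answer and not gitolite's own code: on a typical gitolite install, the key-to-user mapping described above is stored as forced-command entries in the git account's `~/.ssh/authorized_keys`. The sketch below audits such a file, listing which virtual user each key maps to and flagging keys that would reach the shared account without going through gitolite. The `gitolite-shell` path, the key material, and the names `split_fields` and `audit` are assumptions made for illustration.

```python
import re

# Restrictions expected on every key of the shared account ("restrict" implies all).
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')
KEY_TYPE = re.compile(r'(?:sk-)?(?:ssh|ecdsa)-[A-Za-z0-9@.-]+')

# Constructed sample; the gitolite-shell path and the key material are placeholders.
SAMPLE = '''\
command="/usr/share/gitolite3/gitolite-shell alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3EXAMPLEALICE alice@laptop
command="/usr/share/gitolite3/gitolite-shell bob",no-port-forwarding,no-pty ssh-rsa AAAAB3EXAMPLEBOB bob@desk
ssh-ed25519 AAAAC3EXAMPLECAROL carol@home
'''

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values in one piece."""
    fields, buf, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        if ch in " \t" and not quoted:
            if buf:
                fields.append(buf)
            buf = ""
        else:
            buf += ch
    return fields + ([buf] if buf else [])

def audit(text):
    """Return ({key comment: virtual user}, [(key comment, finding)])."""
    users, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_fields(line)
        has_opts = not KEY_TYPE.fullmatch(fields[0])
        opts = {k.lower(): v for k, v in OPTION.findall(fields[0])} if has_opts else {}
        label = " ".join(fields[3 if has_opts else 2:]) or f"line {n}"
        user = re.search(r"gitolite-shell\s+(\S+)", opts.get("command", ""))
        if not user:
            findings.append((label, "no forced command: key is not mapped to a virtual user"))
            continue
        users[label] = user.group(1)
        missing = set() if "restrict" in opts else REQUIRED - set(opts)
        if missing:
            findings.append((label, "missing " + ", ".join(sorted(missing))))
    return users, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A key flagged with "no forced command" gets whatever shell or SFTP access the git account itself has, which is the exposure the question wants to avoid.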
