2

What I would like to do

How can I clone a git repository on my production server, without providing the account's password, and passphrase for the SSH key?

Perhaps what I'm asking is not possible. For the passphrase problem, I could generate the key without any passphrase, but not sure how secure that is.

What I currently do

I SSH to my server, with the account's username and password. I generate an SSH key on the server (which I then add to my Github account as an authenticated key). Each time I pull from the remote repo, I have to enter the passphrase.

The problem with this approach is that if I want someone else to pull the latest version of the repo on the production server, they will need the user and its password, along with the passphrase for the SSH key.

eoinoc
  • 165
  • 1
  • 6

1 Answers1

2

If your only concern is related to people being able to clone or pull from the repository, you can expose a bare repository over a webserver / HTTP. Git Book - Setting Up a Public Repository

There's also the corollary next page: Git Book - Setting Up a Private Repository if you want to grant others push access.

If you don't want to setup seperate accounts for every user, you can use a tool called Gitosis. In gitosis, there is an authorized_keys file that contains the public keys of everyone authorized to access the repository, and then everyone uses the 'git' user to do pushes and pulls.

Jeff Ferland
  • 20,547
  • 2
  • 62
  • 85
  • 1
    Its important to note that gitosis has since been deprecated in favor of gitolite, which has shown continued development. – Andrew M. Dec 19 '11 at 22:53
  • @Jeff From my understanding, exposing a bare repo over HTTP would make it open. This is a proprietary project. – eoinoc Dec 20 '11 at 07:56
  • @eoinoc Controls can be placed around the HTTP access... .htaccess files, internal subnets, etc. – Jeff Ferland Dec 29 '11 at 04:24