当前位置：文江博客话题详情

如何指定在 git 中使用哪个 SSH 密钥进行 git Push 以便将 gitorious 作为镜像？

发布于 2024-09-14 13:17:34 字数 547 浏览 11 评论 0原文

我有一个托管在 git.debian.org (alioth) 上的项目，我想配置一个接收后挂钩来更新 http://gitorious.org

我想我必须使用 git push --mirror gitorious

现在，我需要在 gitorious 上授权 Alioth 进行推送成功。我该怎么做？

我想我需要在 gitorious 上配置一个用户并为其创建一个 ssh 密钥。然后，当我在 post-receive 挂钩中执行 git Push 时，请确保使用此 ssh 密钥。

我可以使用 ~/.ssh/config 但问题是许多用户可以推送 alioth，每个人都必须登录并配置 ~/.ssh/config.相反，我想要一个命令行选项或环境变量来告诉 ssh 使用哪个密钥。我可以这样做吗？

另外，您还有其他如何实现镜像的想法吗？并且，是否可以以相反的方式配置它（对 alioth 进行巨大的推动）？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

我为君王 2024-09-21 13:17:34

答案可以在 git 参考手册中找到。

GIT_SSH
如果设置了此环境变量，那么 git fetch 和 git push 在需要连接到远程系统时将使用此命令而不是 ssh。 $GIT_SSH 命令将被赋予两个参数：URL 中的 username@host（或只是主机）和要在该远程系统上执行的 shell 命令。
要将选项传递给要在 GIT_SSH 中列出的程序，您需要将程序和选项包装到 shell 脚本中，然后设置 GIT_SSH参考shell脚本。
通常，通过您的个人 .ssh/config 文件配置任何所需的选项会更容易。请参阅您的 ssh 文档以获取更多详细信息。

所以，我需要写一个包装脚本，我写这个push-gitorious.sh脚本：

#!/bin/sh


if [ "run" != "$1" ]; then
  exec ssh -i "$GITORIOUS_IDENTITY_FILE" -o "StrictHostKeyChecking no" "$@"
fi

remote=YOUR_SSH_GITORIOUS_URL

echo "Mirroring to $remote"

export GITORIOUS_IDENTITY_FILE="`mktemp /tmp/tmp.XXXXXXXXXX`"
export GIT_SSH="$0"

cat >"$GITORIOUS_IDENTITY_FILE" <<EOF
YOUR SSH PRIVATE KEY

EOF
cat >"$GITORIOUS_IDENTITY_FILE.pub" <<EOF
YOUR SSH PUBLIC KEY

EOF

#echo git push --mirror "$remote"
git push --mirror "$remote"

rm -f "$GITORIOUS_IDENTITY_FILE"
rm -f "$GITORIOUS_IDENTITY_FILE.pub"

exit 0

当然，你必须填写私钥（公钥包含在脚本中仅供参考您还需要在 post-receive 挂钩中填写 gitorious URL，

您必须输入：

path/to/push-gitorious.sh run

run 选项很重要，否则它将直接运行 ssh

。如果需要，您可以从 ssh 命令行中删除该选项并自定义 known_hosts ，我认为这并不重要。

The answer is to be found in the git reference manual.

GIT_SSH
If this environment variable is set then git fetch and git push will use this command instead of ssh when they need to connect to a remote system. The $GIT_SSH command will be given exactly two arguments: the username@host (or just host) from the URL and the shell command to execute on that remote system.
To pass options to the program that you want to list in GIT_SSH you will need to wrap the program and options into a shell script, then set GIT_SSH to refer to the shell script.
Usually it is easier to configure any desired options through your personal .ssh/config file. Please consult your ssh documentation for further details.

So, I need to write a wrapper script, I write this push-gitorious.sh script:

#!/bin/sh


if [ "run" != "$1" ]; then
  exec ssh -i "$GITORIOUS_IDENTITY_FILE" -o "StrictHostKeyChecking no" "$@"
fi

remote=YOUR_SSH_GITORIOUS_URL

echo "Mirroring to $remote"

export GITORIOUS_IDENTITY_FILE="`mktemp /tmp/tmp.XXXXXXXXXX`"
export GIT_SSH="$0"

cat >"$GITORIOUS_IDENTITY_FILE" <<EOF
YOUR SSH PRIVATE KEY

EOF
cat >"$GITORIOUS_IDENTITY_FILE.pub" <<EOF
YOUR SSH PUBLIC KEY

EOF

#echo git push --mirror "$remote"
git push --mirror "$remote"

rm -f "$GITORIOUS_IDENTITY_FILE"
rm -f "$GITORIOUS_IDENTITY_FILE.pub"

exit 0

Of course, you have to fill in the private key (the public key is included in the script for reference only. You also need to fill in the gitorious URL.

In the post-receive hook, you have to put:

path/to/push-gitorious.sh run

The run option is important, otherwise it will run ssh directly.

Warning: no checking is done on the remote host identity. You can remove the option from the ssh command line and customize known_hosts if you want to. In this use case, I don't think it's important.

回复收藏 0 原文

誰ツ都不明白 2024-09-21 13:17:34

我知道有两种方法，以便您可以在 git 命令行指定要用于 git 站点的任何密钥文件。您不需要在配置文件或脚本中硬编码此密钥文件。您只需在 git 命令行直接提供即可。

方法一：使用GIT_SSH环境变量

在命令行中的用法是这样的：

$ PKEY=~/.ssh/keyfile.pem git clone [email protected]:me/repo.git

要使用这个命令，你需要做一些预先设置。首先，创建一个包含以下内容的 shell 脚本：

#!/bin/sh
if [ -z "$PKEY" ]; then
    # if PKEY is not specified, run ssh using default keyfile
    ssh "$@"
else
    ssh -i "$PKEY" "$@"
fi

接下来，导出并设置 GIT_SSH 变量，其值等于上面 shell 脚本的位置。

$ export GIT_SSH=~/ssh-git.sh

其中 ~/ssh-git.sh 是上面 shell 脚本的文件名。

该脚本必须是可执行的，因此执行 chmod：

$ chmod +x ~/ssh-git.sh

现在您可以使用您选择使用的任何密钥文件运行此命令：

$ PKEY=~/.ssh/keyfile1.pem git clone [email protected]:me/repo.git

要对不同的主机使用另一个密钥文件：

$ PKEY=~/.ssh/keyfile2.pem git clone [email protected]:other/repo.git

这支持您要使用的任何密钥文件。每次您需要使用您想要使用的密钥文件运行 git 时，只需将其提供给 PKEY 变量即可。只要预先配置了 GIT_SSH，您就可以忘记其他一切。

记下 PKEY 变量。您可以使用任何名称，只要它与 GIT_SSH 指向的 shell 脚本中使用的名称匹配即可。

方法 2：使用包装脚本

包装脚本的用法如下：

$ git.sh -i ~/.ssh/keyfile.pem clone [email protected]:me/repo.git

这种用法很直观，因为它看起来像使用 -i 选项运行 ssh。

这不需要预先设置 shell 脚本和 GIT_SSH。您只需使用 git 命令下载并运行这个单个包装器脚本。

您可以在此处获取此包装脚本的副本：
http://alvinabad.wordpress.com/2013/03/23/how-to-specify-an-ssh-key-file-with-the-git-command/

The are two methods I know so that you can specify any keyfile you want to use for a git site at the git command line. You don't need to hard-code this keyfile in a config file or script. You simply supply this straight at the git command line.

Method 1: Use the GIT_SSH environment variable

The usage will be like this at the command line:

$ PKEY=~/.ssh/keyfile.pem git clone [email protected]:me/repo.git

To use this command, you need to do some pre-setup. First, create a shell script with the following contents:

#!/bin/sh
if [ -z "$PKEY" ]; then
    # if PKEY is not specified, run ssh using default keyfile
    ssh "$@"
else
    ssh -i "$PKEY" "$@"
fi

Next, export and set the GIT_SSH variable with a value equal to the location of the shell script above.

$ export GIT_SSH=~/ssh-git.sh

where ~/ssh-git.sh is the filename of the shell script above.

The script must be executable so do a chmod:

$ chmod +x ~/ssh-git.sh

Now you can run this command with any keyfile you choose to use:

$ PKEY=~/.ssh/keyfile1.pem git clone [email protected]:me/repo.git

To use another keyfile for a different host:

$ PKEY=~/.ssh/keyfile2.pem git clone [email protected]:other/repo.git

This supports any keyfile you want to use. Every time you need to run git with a keyfile you want to use you, just supply it to the PKEY variable. You can forget everything else as long as the GIT_SSH has been pre-configured.

Take note of the PKEY variable. You may use any name as long as it matches what is used in the shell script GIT_SSH is pointing to.

Method 2: Use a wrapper script

The usage of the wrapper script will be something like this:

$ git.sh -i ~/.ssh/keyfile.pem clone [email protected]:me/repo.git

This usage is intuitive since it looks like running ssh with the -i option.

This doesn't require pre-setup of a shell script and GIT_SSH. You only need to download and run this single wrapper script with the git command.

You can get a copy of this wrapper script here:
http://alvinabad.wordpress.com/2013/03/23/how-to-specify-an-ssh-key-file-with-the-git-command/

回复收藏 0 原文

您的好友蓝忘机已上羡 2024-09-21 13:17:34

不涉及任何外部脚本的更简单的替代方案是使用 SSH 别名。我知道原发帖者特别要求不要更改 ~/.ssh/config，但我怀疑这里存在误解。

服务器上的本地用户与执行提交的人不同，并且可以是与执行“git Push”的人不同的人。

在服务器上，托管软件可以作为单个用户（通常是“git”）运行，
执行提交的人员的身份只是 git 的业务（添加到提交的元数据），与服务器无关，并且不受身份验证在服务器上，
“git push”-er 的身份是相关的并且建立在
基于 ssh 密钥在服务器上运行 git 托管软件的系统

因此，在执行推送的系统上，即使对于相同的本地帐户和相同的远程服务器，甚至在相同的 git 存储库中，也可以通过使用强制使用特定身份使用下面解释的方法创建 ssh 别名。

假设您在 gitorious.org 服务器上拥有常规帐户，我们将其称为“开发人员”。
您不想使用“开发者”帐户自动推送[1]，因此您创建了另一个用于同步的 gitorious 帐户，我们将其称为“机器人”。

对于自动化，仅使用“robot”帐户：

第 1 步：将“robot”添加到需要推送到的 gitorius 项目中。

第 2 步：在本地计算机上创建一个无密码密钥（这将与 gitorious 上的机器人帐户关联）。

ssh-keygen -f ~/.ssh/id_rsa_robot

第3步：将公钥 ~/.ssh/id_rsa_robot.pub 上传到 gitorious 的“robot”帐户中。

第 4 步：gitorious 上的 git SSH URI 的格式为 git@gitorious.org:prj_or_user/subproject.git。在您的 ~/.ssh/config 文件中添加以下行：

host robot.gitorious.org
        HostName gitorious.org
        IdentityFile ~/.ssh/id_rsa_robot
        IdentitiesOnly "yes"

这将确保：

每当您使用“robot.gitorious.org”主机名时，它都会连接
到 gitorious.org（主机名选项），
它将使用无密码密钥作为机器人进行身份验证
gitorius.org（IdentiFile 选项），
即使您正在运行 ssh 代理，它也会忽略默认密钥
并使用无密码的（IdentiesOnly“yes”）。

第 5 步：假设您项目的 gitorious 上的 SSH URI 为 ' [email protected]:project/project.git'，在本地存储库中定义一个新的远程'autopush'，主机名稍作修改：

git remote add autopush [email protected]:project/project.git

设置完成，现在尝试通过'autopush'推送到gitorious ' 偏僻的。

git push autopush master

如果一切顺利并且有要推送的更改，您应该会看到您已成功推送到“gitorious.org”作为“机器人”

[1] 对于自动推送，必须为帐户生成无密码密钥，但将其附加到gitorious 的“开发人员”帐户意味着自动化作业可以推送到任何涉及 gitorious 的“开发人员”的 gitorious 项目。

A simpler alternative which does not involve any external scripts is to use a SSH alias. I know the original poster asked specifically not to change ~/.ssh/config, but I suspect there is a misunderstanding here.

The local user on the server is not the same as the person doing the commit and can be a different person than the one doing the 'git push'.

on the server the hosting software can run as a single user (usually 'git')
the identity of the person doing the commit is only git's buisness (to add to commit's meta data), is irrelevant for the server and is not subject to authentication on the server
the identity of the 'git push'-er is relevant and is established on
systems running the git hosting software on the server based on the ssh key

For this reason, on the system doing the push one can force a specific identity even for the same local account and the same remote server, even within the same git repository by using an ssh alias following using the method explained below.

Assume you have on the gitorious.org server your regular account, let's call it 'developer'.
You don't want to automatically push using your 'developer' account [1], so you create another gitorious account for the sync, let's call it 'robot'.

For automation only the 'robot' account will be used:

Step 1: Add 'robot' to the gitorius project which needs to be pushed to.

Step 2: On the local machine create a paswordless key (this will be associated with the robot account on gitorious).

ssh-keygen -f ~/.ssh/id_rsa_robot

Step 3: upload the public key ~/.ssh/id_rsa_robot.pub on gitorious in the 'robot' account.

Step 4: The git SSH URIs on gitorious have the format git@gitorious.org:prj_or_user/subproject.git. In your ~/.ssh/config file add the following lines:

host robot.gitorious.org
        HostName gitorious.org
        IdentityFile ~/.ssh/id_rsa_robot
        IdentitiesOnly "yes"

This will make sure that:

whenever your use the 'robot.gitorious.org' hostname it will connect
to gitorious.org (HostName option),
it will use the passwordless key to authenticate as robot on
gitorius.org (IdentiFile option) and
even if you have a ssh agent running, it will ignore the default key
and use the passwordless one (IdentiesOnly "yes").

Step 5: Assuming the SSH URI on gitorious for your project is '[email protected]:project/project.git', in the local repository define a new remote 'autopush' with a slightly modified host name:

git remote add autopush [email protected]:project/project.git

The setup is done, now try to push to gitorious via the 'autopush' remote.

git push autopush master

If everything went well and there are changes to push, you should see you succesfully pushed to 'gitorious.org' as 'robot'

[1] For automatic pushes a passwordless key must be generated for the account, but attaching it to the gitorious 'developer' account would mean that the automated job can push to any of the gitourious projects where 'developer' is involved on gitorious.

回复收藏 0 原文

~没有更多了~