ssh troubleshooting

ssh has always been the biggest trouble spot in all this. While gitolite makes it as easy as possible, you might still run into trouble sometimes.


But before we get to all that, let's clarify that all this is applicable only to the gitolite admin. He's the only one who needs both a shell and gitolite access, so he has two pubkeys in play.

Normal users have only one pubkey, since they are only allowed to access gitolite itself. They do not need to worry about any of this stuff, and their repo URLs are very simple, like: git@my.git.server:reponame.git.


ssh sanity checks

There are two quick sanity checks you can run:

If one or both of these does not work as expected, do this:

Once these sanity checks have passed, things should be fine. However, if you still have problems, make sure that the "origin" URL in any clones looks like gitolite:reponame.git, not git@server:reponame.git.

explanation

Here's how it all hangs together.

files on the server

files on client

why two keys on client

Why do I (the admin) need two different keypairs?

There are two types of access the admin will make to the server: a normal login, to get a shell prompt, and gitolite access (clone/fetch/push etc.). The first access needs an authorized_keys line without any "command=" restrictions, while the second requires a line with such a restriction.

And we can't use the same key for both because there is no way to disambiguate them; the ssh server will always (always) pick the first one in sequence when the key is offered by the ssh client.
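To check a server for the situation described above, the following added example (not part of gitolite or of the original page) scans authorized_keys text for a key that appears on more than one line and reports which line comes first, since that is the one the text says sshd will use. The sample file contents, key blobs and the /path/to/gitolite-command path are constructed placeholders.

```python
import re
from collections import defaultdict

KEYTYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

def split_outside_quotes(line):
    """Split on whitespace, keeping double-quoted option values intact."""
    tokens, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                tokens.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        tokens.append(cur)
    return tokens

def parse_line(line):
    """Return (options, key_blob), or None for blanks, comments and junk."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    toks = split_outside_quotes(line)
    for i, tok in enumerate(toks[:2]):  # key type is field 1, or 2 after options
        if KEYTYPE.match(tok) and i + 1 < len(toks):
            return (toks[0] if i == 1 else "", toks[i + 1])
    return None

def find_shadowed_keys(text):
    """Map each repeated key blob to [(line_no, has_command_restriction), ...].
    The first entry is the line that wins; later entries are never reached."""
    seen = defaultdict(list)
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed:
            opts, blob = parsed
            seen[blob].append((n, "command=" in opts.lower()))
    return {blob: hits for blob, hits in seen.items() if len(hits) > 1}

# Constructed sample: the admin's key is listed twice, unrestricted line first.
SAMPLE = '''\
# constructed sample, not from a real server
ssh-rsa AAAAB3ADMINKEY admin@laptop
command="/path/to/gitolite-command admin",no-port-forwarding,no-pty ssh-rsa AAAAB3ADMINKEY admin@laptop
command="/path/to/gitolite-command alice",no-port-forwarding,no-pty ssh-rsa AAAAB3ALICEKEY alice@desk
'''
```

In the sample, the admin's key matches line 2 (no "command=") before line 3, so that key would always get a shell and never reach gitolite; with the two lines swapped it would reach gitolite and never get a shell.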

So the next question is usually "I have other ways to get a shell on that account, so why do I need a key for shell access at all?"

The answer to this is that the "easy install" script, being written for the most general case, needs shell access via ssh to do its stuff.

If you really, really, want to get rid of the extra key, here's a transcript that should have enough info to get you going (but it helps to know ssh well):

That should do it.

more complex ssh setups

What do you need to know in order to create more complex ssh setups (for instance if you have two gitolite servers you are administering)?

two gitolite servers to manage?

further reading

While this focused mostly on the client side ssh, you may also want to read this for a much more detailed explanation of the ssh magic on the server side.