We use Vagrant boxes for development. For every project or small snippet we simply start a new box and provision it with Ansible. This is working fantastic; however, we do get into trouble when connecting to a private Bitbucket repository within a bower install run.
The solution we have now is to generate a new key (ssh-keygen), accept all defaults (pressing <return>, <return>, <return>) and then grab the public key (cat ~/.ssh/id_rsa.pub). Copy it, go to Bitbucket, view your account and add this new ssh key. And repeat for every new box you instantiate.
We have to do this because of some closed source packages (hosted on Bitbucket) we install via Bower. We do have another experience, which is much better: composer (php's package manager) and private Github repositories. With that setup, you have to enter your username/password/2fa token via the command line and an OAuth token is generated for you. This works great.
So, is there a way we can mitigate this bower/bitbucket/ssh issue? For obvious reasons I don't want to provision the boxes with a standard private key, but there has to be another solution?
While I'm not sure that my situation is as complex as yours (I'm not using Ansible or Bower), I solved this problem by using the Vagrant ssh forward agent. This blog post gives you the details on how to get it working:
Cloning from GitHub in Vagrant using SSH agent forwarding
So as long as each of the developers has access on their local machines to the bitbucket repos, it should work.
Related
I have various GitHub accounts and for each account I have SSH set up. So under ~/.ssh I have a public and private key for each account.
I want to use the GitHub CLI, but I am not sure how I can tell the CLI to use a particular SSH key.
In case it is relevant, this is what I get when I run ssh-add -l:
Example Scenario
I want to run gh repo create on GitHub account B, but for some reason, the repo got created on GitHub account A. Is there a way I can tell gh what account to use?
if you have different GitHub users the gh-cli won't be very effective. as #phd commands like gh repo create require logging in via an auth token. https://cli.github.com/manual/gh_auth_login
Switching contexts between accounts (i.e. github.com/user1 and github.com/user2) def doesn't seem supported so you'd have to hack around loging in and out each time every time you switched.
But configuring which ssh key git should use can be configured easily enough in some combo of ~/.ssh/config .gitconfig and/or setting the GIT_SSH_COMMAND env var before running git commands.
So, I am new to the GitLab server. Now, what I want to achieve is this:
Allow access to repositories only on certain ssh-keys. There are a limited no of machines and a limited no of users, so if a user adds an ssh-key outside these sets of keys, the repo should not clone there. Because my team size is small, I am okay if I only add those public keys to the account.
I am fine with the idea of ssh access but currently, as an admin, I lose the freedom to conveniently track or choose which all ssh-keys can access my repo. Can I disable users from adding ssh keys?
Is there any other way to ensure this? Would instead of having ssh enabled access HTTPS with whitelisting IP-enabled access work?
GitLab was, in the beginning (2011) based upon gitolite, but switched to its own mechanism in 2013.
Nowadays, it is best to declare a GitLab project private and add users to said project: that way you won't have to manage SSH or HTTPS access: any user who is not part of that project won't be able to see it/clone it (HTTPS or SSH).
In other words, repository access is no longer based on SSH keys (not for years), but is based on project visibility.
The OP adds:
even if a user is part of a project, he should only be able to clone the project on certain remote machines.
That is not a Git or GitLab feature, which means you need:
to restrict Git protocols on GitLab to SSH only
change the gitlab-shell SSH forced command script in order to allow commands only coming from some IPs
There is access to group by IP address restriction feature, since GitLab 12.0 (June 2019), but... only in GitLab Ultimate (meaning: "not free").
I am provisioning a nixos instance on AWS. The instance has to download a repositiory from a private github repo. Currently I just run a shell script on the remote box using ssh-forwarding to download the repository. In this way I don't have to copy my private key, which gives me access to the repo, to the remote box.
I would like to change this procedure to be more Nix-like. I want to write a nix expression which downloads the repo and put it in /etc/nixos/configuration.nix. At the same time I don't want to copy my private key to the remote machine. Is this possible? Can nixos-rebuild use ssh forwarding?
You can explore --build-host and --target-host options of nixos-rebuild command. That is, make your local machine a build-machine, and remote one - target. You need root passwordless ssh access to remote though.
I am trying to add my SSH ID to bitbucket from my newly installed ArchLinux setup. The instructions for adding my id to bitbucket involve using my browser and copy/paste the key. I am not using a GUI but don't know what the command is to push public keys from commandline to bitbucket. How do I manage this?
You could try to use the links command line browser, although it doesn't seem installed by default. Of course you may want to get the ID into a clipboard of sorts if you don't want to type it over.
If the posting the ID doesn't require difficult pages and settings you may be able to implement this using httpie - which does seem to be installed.
Although there is a number of questions on the topic, I'm not getting anywhere....
I need to access an existing repo on Github from an alternate machine and I'm having trouble setting it up.
So I have installed Github and ran:
git config global --user.name
git config global --user.email
git init
git clone git#github.com:user/repo.git
I'm getting Permisson Denied (publickey)
Which I guess is due to me not having provided my SSH key. I have the key here, but no clue, what to do.
Question:
How to do I supply the SSH key to be able to connect my 2nd PC to my git repo.
Thanks!
You need to register another ssh key with github for the second computer.
Go here and add another key. This page explains the process.
You can switch to https authentication if you don't want to generate another pair of key or transfer your existing one to the new box.
You will need to change your clone command to following: git clone https://github.com/user/repo.git
Their help section has a nice step-by-step guide to setting up your machin: https://help.github.com/articles/generating-ssh-keys#platform-all.
Specifically, see step 4 for instructions on how to import a new key.