gitolite ã®ãƒ¦ãƒ¼ã‚¶ç®¡ç†ã®ä»•çµ„ã¿
最近ã«ãªã£ã¦ gitolite を使ã£ã¦ã¿ãŸã®ã§ã™ãŒã€ã‹ãªã‚Šä¾¿åˆ©ã§ã™ã。
gitolite ã§ã¯ OS ã®ãƒ¦ãƒ¼ã‚¶ã‚’作æˆã›ãšã«ã€SSH ã®å…¬é–‹éµã‚’登録ã™ã‚‹ã ã‘ã§ãƒ¦ãƒ¼ã‚¶ã‚’è¿½åŠ ã§ãる仕組ã¿ã«ãªã£ã¦ã„ã‚‹ã®ã§ã™ãŒã€ã“ã‚Œã£ã¦ä¸€ä½“ã©ã†ã‚„ã£ã¦ã„ã‚‹ã®ã§ã—ょã†ã‹ã€‚
gitolite ユーザ㮠authorized_keys ã®å†…容を見ã¦ã¿ã‚‹ã¨ã€ä»¥ä¸‹ã®ã‚ˆã†ã«è¤‡æ•°ã®å…¬é–‹éµãŒç™»éŒ²ã•ã‚Œã¦ãŠã‚Šã€ãã‚Œãžã‚Œå…ˆé 部分ã«ã€Œcommand="/usr/bin/gl-auth-command user1"ã€ã®ã‚ˆã†ã«ã‚³ãƒžãƒ³ãƒ‰ã‚‰ã—ãã‚‚ã®ãŒæŒ‡å®šã•ã‚Œã¦ã„ã¾ã™ã€‚
# cd /var/lib/gitolite/ # cat .ssh/authorized_keys # gitolite start command="/usr/bin/gl-auth-command admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA 〜略〜 eQ== akishin@centos5-5-1 command="/usr/bin/gl-auth-command akishin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA 〜略〜 wu0Z command="/usr/bin/gl-auth-command user1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA 〜略〜 Ww== user1@centos5-5-1 # gitolite end
ãªã‚“ã ã‚ã†ã¨æ€ã„ã„ã‚ã„ã‚調ã¹ã¦ã¿ã‚‹ã¨ã€authorized_keys ファイルã«ã¯éµã”ã¨ã«å®Ÿè¡Œã•ã‚Œã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’指定ã™ã‚‹äº‹ãŒã§ãã‚‹ã¨ã®ã“ã¨ã€‚
AUTHORIZED_KEYS ファイルã®å½¢å¼
http://www.unixuser.org/~euske/doc/openssh/jman/sshd.html#AUTHORIZED_KEYS%20%E3%83%95%E3%82%A1%E3%82%A4%E3%83%AB%E3%81%AE%E5%BD%A2%E5%BC%8F
公開éµèªè¨¼æ™‚ã« git ユーザåを引数㫠gl-auth-command を呼ã³å‡ºã™ã“ã¨ã§ã€ãƒ¦ãƒ¼ã‚¶ã®è˜åˆ¥ã‚„アクセス制é™ã‚’è¡Œã£ã¦ã„ã‚‹ã‚“ã§ã™ã。
gitolite ã®ãƒ‰ã‚ュメントã§ã‚‚ã“ã®ä»•çµ„ã¿ã«ã¤ã„ã¦è§£èª¬ãŒã•ã‚Œã¦ã„ã¾ã™ã€‚
how does gitolite use all this ssh magic?
http://sitaramc.github.com/gitolite/gl_ssh.html#gitolite_and_ssh_how_does_gitolite_use_all_this_ssh_magic__
ã“ã®ä»•çµ„ã¿ã¯ gitolite を触るã¾ã§å…¨ç„¶çŸ¥ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚
SSH も奥ãŒæ·±ã„ã§ã™ã。
