Git repositories on shared hosting with ssh access - multiple users / one ssh account

Question

I'm part of a small team trying to start coding on a project. I've decided it's time to give git a chance (no more svn) and was trying to see if we could use our shared web hosting to deploy a "public" repository there so that we can easily push/pull to/from it and keep up-to-date with each others changes.

The problem I'm having now is that we only have a single ssh account for that hosting. Having used svn in the past, I could enforce a svn username on a given pair of ssh keys, however I don't seem to be able to do something similar with git (in other words tie the ssh keypair to a specific dev). I don't mind everybody having read/write permissions everywhere, since anything that is private should stay on each others machine. Finally, solutions such as gitosis can not be used.

I guess my question to you is how is accountability to git pushes given? Is it tied to the ssh account being used, or the email address given in git config? Can I create different ssh keys for every developer (for the same ssh account though), and just send them to the devs?

Answer 1

Normally you have a git user where everyone uses to commit, and they have ssh keys on the server so that you can log in. I use gitolite to manage my git repository at work. However you can do it with just ssh access.

Login to your webhost make a folder for your project. Then have your developers create rsa public keys, copy them to your webhost's home folder. Copy them into ~/.ssh/authorized_keys. Now all your developers will be able to ssh into that machine. Now you have them do git pull webhostUsername@somehost:project.git

Example to set up empty directory:

ssh [email protected]
mkdir someProject.git
cd someProject.git
git init --bare
cd ~
git clone user@host:someProject.git test
cd test
touch README
git add README
git commit -m "added readme"
git push

Add developers to that account

scp someuser_id.pub [email protected]:
ssh [email protected]
cat someuser_if.pub >> ~/.ssh/authorized_keys

Now the person who created that public key will be able to connect to your server.

Every person that uses git has to give a username and email. That is how you keep track of who is using it. The user you use to push is only there for communicating.

Answer 2

We had a similar problem: one server with a git cloned repo and a used to which devs were connecting using SSH keys. Our problem was that we needed the exact committer that pushed from this server to Github.

git config which could be run probably from .bascrc at login time does not help since this sets the settings (user.name and user.email) in the SSH-enables users's home directory, and therefore to all devs connecting. Therefore the last one that makes a connection overrides the setting one other dev has just set.

I have found this article that you might also need about Carrying your Git settings around. This is about setting the variables:

GIT_AUTHOR_NAME="Developer Name"
[email protected]
GIT_COMMITTER_NAME="$GIT_AUTHOR_NAME"
GIT_COMMITTER_EMAIL="$GIT_AUTHOR_EMAIL"

on the developer machines and letting SSH forward them to the server as described in the pointed article.

But anyways, developers must be trusted since they can always spoof these settings.