I was wondering if anyone has a good, clean, safe way to manage github Organization repository access on their servers?
It seems that you can only attach pub keys to your personal account and cannot restrict access solely to an organization.
We've got a beta server where we put multiple projects so deploy keys, because they need to be unique, aren't ideal. It would be nice to give global access to the organization, but I don't want to give the server, which we have freelancers on, full access to my personal account (The server gets access to the organization, which is good, but also to my personal projects and every other organization I belong to, which is bad).
The two workarounds that I see is to either set up a dummy github user to go through, which seems stupid, or to enable ssh agent forwarding, which feels like a security risk (I'm not the best server-admin).
A friend suggested setting up the server as a remote to push to, but it seems like a band-aid solution.
I would like to think there's an easier way to set up access for an organization's repo as I would think it would be a fundamental need for everyone.
I'm all ears if anyone would like to share something that has/is working for their github organization.
I'll probably just bite the bullet and create a dummy github user and call it a day, I need to get work done.
To use a second GitHub account for authentication, generate a second SSH key with a different file name than the first key. For example, your first SSH key might have files names such as id_rsa (private key) and id_rsa. pub (public key).
So, when you (as a user) setup your git environment you can create only one ssh-key for each machine you would like to give permission to your GitHub's account. Show activity on this post. Use a key per developer - each dev should generate their own key.
An alternative to the answer from sergey_mo (and as a direct answer Michał Szajbe's final question) is to create multiple ssh keys as documented by chalien on githib:
https://gist.github.com/jexchan/2351996
I don't understand why adding a dummy-account is so bad for automatic deployment, as long as you run your own beta-server as a staging area before pushing to GitHub. That is, if you want the betacode to be private.
The usual GitHub-way would be to add all the collaborators and simply have a stable project and a beta fork. You'd automatically pull the current beta version to your beta server for testing (no ssh key needed there) and if your tests succeed, you pull in the merges from the beta fork to the stable project.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With