Cannot Clone Repository: Fatal: R Any Gitolite-Admin Gitolite Denied by Fallthru

  • Home
  • Languages
  • Linux
  • Cannot Clone Repository: Fatal: R Any Gitolite-Admin Gitolite Denied by Fallthru

Cannot clone repository: FATAL: R any gitolite-admin gitolite DENIED by fallthru

If you have a ~/.ssh/config file, you need to use the scp-like syntax for your ssh url:

git clone debian:gitolite-admin.git

With a config like:

host debian
  user gitolite
  hostname debian
  identityfile ~/.ssh/gitolite
  port 2222

And you are not supposed to specify the full path of the repo.

git clone git@myserver:gitolite-admin fails

gitolite-admin is only accessible with the public key named after the git account used for the gitolite server.

You are using by default your brian.pub, which only gives you access to testing.git repo.

you need to define a $HOME/.ssh/config file on your local workstation, in order to record ssh parameters to use the right key.

See "gitolite: can connect via ssh, can't clone".

~/.ssh/gitolite.pub
~/.ssh/gitolite

Then I define a config file: ~/.ssh/config with in it:

host gitolite
     user git # replace it by the actual git user for the gitolite server
     hostname server.com
     identityfile ~/.ssh/gitolite

The clone will work:

git clone gitolite:gitolite-admin

The OP macbert confirms:

I did rename the key to git.pub, ran gitolite setup -pk git.pub and removed the old brian key from the .gitolite/keydir.

After that I got git clone git@myserver:gitolite-admin:

Cloning into 'gitolite-admin'... 
remote: Counting objects: 15, done. 
remote: Compressing objects: 100% (12/12), done. 
remote: Total 15 (delta 0), reused 0 (delta 0) 
Receiving objects: 100% (15/15), done.

So with the right default key, a ssh git@myserver info should this time display the right access for gitolite-admin repo in the 'hello' message.

Failed to clone gitolite repo and lead to fatal error

Check first your ~git/.ssh/authorized_keys on the Gitolite server: if you want to clone a gitolite-managed repository (including the main gitolite-admin one), your public key should be:

  • listed in that ~git/.ssh/authorized_keys file,
  • preceded with the forced-command command="[path]/gitolite-shell (as I detail in "How do programs like gitolite work?")

Otherwise, assuming your public key is registered (not for gitolite, just for regular interactive SSH session), then your clone would be:

git clone git@******:/full/path/to/gitolite-admin

The OP justsomexanda adds in the comments:

I relinked my pub- and priv-keys.

After rechecking them I could clone "testing" but not "gitolite-admin" so I looked closer and saw that in repositories/gitolite-admins/gl-conf there was the name of my key (which I called 'myKey') but it was not the same identities which I logged in (named 'alex').

I changed the name in the conf and it worked.

So in summary: just check you name the keys right and you are using the correct identity.

gitolite installation: I cannot clone gitolite-admin repo!

Finally, I've got an answer from myself!

gitolite user created by devian package gitolite automatically is not allowed to login by sshd. so i've added gitolite to AllowUsers in file sshd_config.

Wew~~~

Gitolite denies access to a repo while allowing another

While Windows is not case sensitive, Gitolite is, testing for the existence of the bare repo folder (see lib/Gitolite/Conf/Load.pm#L245-L250).

or you mis-spelled the reponame

If the gitolite.conf file allows access for OpenTK-10Bit-test, trying to clone OpenTk-10Bit-test (as commented by And) will not work and will be denied.

Cannot access gitolite repos with non-gitolite admin users

You never clone/access a gitolite-managed repo with a 'user'.

You always use the 'git' account that you used to install gitolite.

Gitolite will then deduce who you actually are by looking for the public key used for this call in the ~git/.ssh/authorized_keys file.

See more at "How do programs like gitolite work?".

If you want to access a gitolite-managed repo as different user, you need to have the right public/private keys for those users, and reference the private key in an ~/.ssh/config file, as shown in "users are asked for password while using gitolite".

Host gitolite_as_user1
    HostName gitolite_server_name
    User git
    IdentityFile ~/.ssh/user1

Host gitolite_as_user2
    HostName gitolite_server_name 
    User git
    IdentityFile ~/.ssh/user2

Note that the ssh url will be:

ssh://gitolite_as_user1:yourRepo
ssh://gitolite_as_user2:yourRepo

And it will always use the 'git' account (but with different public ssh keys)


Related Topics

How to Protect My Process from Being Killed

Where Is Open_Max Defined for Linux Systems

Linux Socket Using Multiple Threads to Send

How to Send Sigint (Ctrl-C) to Current Remote Process Over Ssh (Without -T Option)

How to Debug the Linux Kernel with Qemu and Kgdb

Curl Command for Https ( Ssl )

Redhat Daemon Function Usage

Using Sed to Get the Last N Lines of a Huge Text File

Prepend Data from One File to Another

What Does This Command Do? "Exec Bash -L"

Dhcp Server to Redirect Any Url to Landing Page

Vim Incremental Search

"Tput: No Value for $Term and No -T Specified " Error Logged by Cron Process

Cmake Can't Find Curses

Writing a Bash For-Loop with a Variable Top-End

Start a Process with a Name

How to Write-Protect Every Page in the Address Space of a Linux Process

Unsupported Protocol While Download Tar.Gz Package


Leave a reply



Submit