diff options
Diffstat (limited to 'doc/todo')
2 files changed, 65 insertions, 0 deletions
diff --git a/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_2_06230669218541ac392d674bedd43176._comment b/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_2_06230669218541ac392d674bedd43176._comment new file mode 100644 index 000000000..79ebb5e7c --- /dev/null +++ b/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_2_06230669218541ac392d674bedd43176._comment @@ -0,0 +1,43 @@ +[[!comment format=mdwn + username="http://olivier.mehani.name/" + nickname="olivier-mehani" + subject="Manual solution" + date="2014-06-14T13:59:38Z" + content=""" +My problem stems from the fact that I manually git clone the git-annex repo, which prevents the assistant from creating the setup to use passwordless keys. I just reverse-engineered a working setup to work up what I was missing. I jot it down here for reference, but I guess the bottomline is that if you want to use the assistant with a repo, do it from the start. + +I assume that the client has a clone of the git(-annex) repo of the server. + + client$ git clone server:annex + +Our goal is to let git-annex on the client know that there is a specific key to use when connecting to server that will let it access the git-annex-shell (without a password). We first create the key. + + client:~$ ssh-keygen -t rsa -f ~/.ssh/git-annex/key.git-annex-server-user_annex + [enter an empty passphrase] + +We can then create a virtual SSH host on the client that will use this key to connect to the server, in client:~/.ssh/config: + + # Added manually for git-annex + Host git-annex-server-user_annex + Hostname server + Port 22 + IdentityFile ~/.ssh/git-annex/key.git-annex-server-user_annex + IdentitiesOnly yes + StrictHostKeyChecking yes + +(git-annex seems to use .2F (%2F) to encode path separators in the filenames.) + +The server then needs to know to let the key in, but only for git-annex in the specific folder. This is done in server:.ssh/authorized_keys: + + command=\"GIT_ANNEX_SHELL_DIRECTORY='annex' ~/.ssh/git-annex-shell\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAA... user@client + +The bit starting with ssh-rsa is the public key created in client:.ssh/git-annex/key.git-annex-server-user_annex.pub at the same time as the private key. + +Finally, all that remains is to change the remote in the client clone to use the virtual SSH host. + + client:~/annex $ git remote set-url origin ssh://user@git-annex-server-user_annex/~/annex + client:~/annex $ git remote set-url origin --push ssh://user@git-annex-server-user_annex/~/annex + +If everything worked, a sync from the client should now work without asking for a password, and starting the assistant will not either. + +"""]] diff --git a/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_3_002afd775b82a0ced609c8305803a6c2._comment b/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_3_002afd775b82a0ced609c8305803a6c2._comment new file mode 100644 index 000000000..2515349a6 --- /dev/null +++ b/doc/todo/wishlist__91__webapp__93__:_add_an_option_to_install__SSH_key_on_remote/comment_3_002afd775b82a0ced609c8305803a6c2._comment @@ -0,0 +1,22 @@ +[[!comment format=mdwn + username="http://olivier.mehani.name/" + nickname="olivier-mehani" + subject="comment 3" + date="2014-06-14T14:15:55Z" + content=""" +After having done that on my first test repo, git-annex could sync, but failed to get the files. + + client:~/annex$ git annex get file + get file (not available) + Try making some of these repositories available: + 12345678-90ab-cdef-1234567890abcdef1 -- user@server:~/annex [origin] + + (Note that these git remotes have annex-ignore set: origin) + failed + git-annex: get: 1 failed + +The note helps: the problem is with the origin remote having annex-ignore set. git-annex therefore ignores it. This is easily fixed by just setting the flag to false. + + client:~/annex$ git config remote.origin.annex-ignore false + +"""]] |