I have the following in my gitosis.conf. (Created via gitsosis-init < id_rsa.pub
with the key from my laptop)
[gitosis]
loglevel = DEBUG
[group gitosis-admin]
writable = gitosis-admin
members = michael@laptop
When I try git clone git@SERVER:gitsos-admin.git
, I get the following errors:
Initialized empty Git repository in /home/michael/gitsos-admin/.git/
DEBUG:gitosis.serve.main:Got command "git-upload-pack 'gitsos-admin.git'"
DEBUG:gitosis.access.haveAccess:Access check for 'michael@laptop' as 'writable' on 'gitsos-admin.git'...
DEBUG:gitosis.access.haveAccess:Stripping .git suffix from 'gitsos-admin.git', new value 'gitsos-admin'
DEBUG:gitosis.group.getMembership:found 'michael@laptop' in 'gitosis-admin'
DEBUG:gitosis.access.haveAccess:Access check for 'michael@laptop' as 'writeable' on 'gitsos-admin.git'...
DEBUG:gitosis.access.haveAccess:Stripping .git suffix from 'gitsos-admin.git', new value 'gitsos-admin'
DEBUG:gitosis.group.getMembership:found 'michael@laptop' in 'gitosis-admin'
DEBUG:gitosis.access.haveAccess:Access check for 'michael@laptop' as 'readonly' on 'gitsos-admin.git'...
DEBUG:gitosis.access.haveAccess:Stripping .git suffix from 'gitsos-admin.git', new value 'gitsos-admin'
DEBUG:gitosis.group.getMembership:found 'michael@laptop' in 'gitosis-admin'
ERROR:gitosis.serve.main:Repository read access denied
fatal: The remote end hung up unexpectedly
I know my key is being accepted because I have tried logging in via SSH and although a terminal won't be allocated, the authorization works.
I'm not sure if you made a mistake while pasting your question in but are you 100% positive you used:
git clone git@SERVER:gitsos-admin.git
and notgit@SERVER:gitosis-admin.git
...It's a subtle change but your example shows you trying to clone gitsos-admin.git and not gitosis-admin.git
Are you sure that the user that gitosis is running as has access privileges to the directory that the repository is in? (And all its sub-directories, including the repo itself.) I ran into this problem myself when first setting up our gitosis server.
Another reason this can happen is if the keyfile names don't match the names in gitosis.conf. The important point is this: your name appears in three places. First, in the gitosis.conf file. Second in the name of the keyfile. Third, inside the keyfile at the end of your public key.
I found out the hard way the name of the keyfile has to be your user name (in gitosis.conf) with ".pub" appended to it. So, for example, if your user name is "mtiller" in gitosis.conf then your keyfile better be named "mtiller.pub". The name inside the keyfile is (as far as I can tell) irrelevant.
This can be extremely confusing because even Git's debugging output doesn't say something explicit like "couldn't find key for user xyz" which is really annoying. In other words, it spits out authorization messages/errors when the issue is really an authentication problem.
Depending on how you import the keys this can get messed up. Although I don't think the method you mention in your question would cause this problem I mention it because I hit your question while looking for solutions to the name mismatch issues so somebody else might come along at some point with that problem.
I know this isn't directly an answer to your question here, but I don't have enough rep. to leave a comment. What Michael Tiller says isn't fully correct. I was running into a similar issue which I spelled out here
How can I make gitosis distinguish between two users with the same username
The name you use in gitosis.conf and the name of the ssh key file do need to be the same. However, this does not need to correspond in any way with the username element inside the ssh key file.