<div dir="ltr">Pete, they would not be logging into the server with a UNIX shell account, this would only be an authenticated request to the git server running on your server. Git handles this and it is exactly hos GitHub and Bitbucket works.<div><br></div><div>~Carl</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 9, 2017 at 3:39 PM, Pete Soper <span dir="ltr"><<a href="mailto:pete@soper.us" target="_blank">pete@soper.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
<br>
<br>
<div class="m_-6428859322794177846moz-cite-prefix">On 10/09/2017 03:28 PM, Carl Nobile
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
Pete,
<div><br>
</div>
<div>Here is my two-cents.</div>
<div><br>
</div>
If you have git running on a local server there is a way to set
it up to use ssh. It must be set up on the server side to do
this correctly. I've done it before, but it was a few years ago.
You would use a URL similar to this, "<a href="mailto:git@github.com" target="_blank">git@github.com</a>:<path
to git repo>.git" to access the repo. After the server is
setup then you will need to acquire the public ssh keys, usually
in a file named ".ssh/id_rsa.pub" from the user. This can be
sent in email, but never send the private key. Once the public
key is in the ".ssh/authorized_keys" file of the account used by
the git server the person can log in. Sounds more complicated
than it really is.</div>
</blockquote></span>
Thanks for the extra detail.<br>
<br>
It's "the person can log in" part that would cause my ISP of the
past 17 years to fire me as a customer in a New York minute.
Anything that could be possibly interpreted as "login to an
interactive shell command line session" collides with terms and
conditions. <br><span class="HOEnZb"><font color="#888888">
<br>
-Pete</font></span><div><div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>I set this up for the Humanoid robotics project, but I
doubt they are still using it. It is really a lot easier to
use a GitHub account which I think they use now.<br>
<div><br>
</div>
<div>~Carl</div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 9, 2017 at 2:35 PM,
Pete Soper via TriEmbed <span dir="ltr"><<a href="mailto:triembed@triembed.org" target="_blank">triembed@triembed.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="m_-6428859322794177846gmail-"> <br>
<br>
<div class="m_-6428859322794177846gmail-m_-5346801561523100640moz-cite-prefix">On
10/09/2017 02:07 PM, Robert Gasiorowski wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Instead of password, why don't
you use rsa keys? That way, you don't have to
give your password away.
<div>Create two sets of rsa keys, one for you
and one for the user, then add both private
keys to authorized_keys on the server, you
keep your private key, and the user will get
the second private key.</div>
</div>
</blockquote>
<br>
</span> Thanks, Bob! This is what I meant by "second
ssh password". I'm 98% sure I can follow some
detailed steps to accomplish this, but it isn't
sufficient: somebody could simply log into the
server and do anything at all with the session. I
think I need for the login program (i.e. typically a
shell) to somehow know what password was used for
the login. <br>
<br>
But while dealing with a phone call private msg got
here. If that works I'll publish a cheat sheet in
case anybody is interested.<span class="m_-6428859322794177846gmail-HOEnZb"><font color="#888888"><br>
<br>
-Pete </font></span><span class="m_-6428859322794177846gmail-">
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 9, 2017
at 1:51 PM, Pete Soper via TriEmbed <span dir="ltr"><<a href="mailto:triembed@triembed.org" target="_blank">triembed@triembed.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Folks,<br>
I have a problem that is off topic, but
there is past precedent for us helping
each other with whatever. I'm hoping
somebody can sit with me and my laptop for
a few minutes at tonight's meeting and
help me implement a secure but strictly
limited access scenario with my personal
domain server.<br>
<br>
I have a git repo on my personal domain
server and can push/pull remotely using my
user account id and password on a server
running an old version of CentOS (2.6
kernel).<br>
<br>
What I need is to enable alternate
access by a second party where the person
doing the access a) cannot use it for
anything except a git push or pull, b)
uses a different password from my regular
one, and c) can instantly lose this access
if I'm told by my ISP that this dog won't
hunt in regards to his terms of service.<br>
<br>
My simple minded understanding of this
is that I need to arrange a second ssh
password, which I think I can figure out,
and somehow only allow that password to be
used for git commands (which I have no
clue about). I think this latter detail is
either impossible without a second user
account on the server, and that isn't an
option, or else with some additional
authentication magic that recognizes my
regular password and proceeds or this
other password that redefines PATH or
something to make all but git
inaccessible. Or maybe somebody knows of a
virtually nearby log I can fall over.<br>
<br>
<br>
-Pete<br>
<br>
<br>
______________________________<wbr>_________________<br>
Triangle, NC Embedded Computing mailing
list<br>
<a href="mailto:TriEmbed@triembed.org" target="_blank">TriEmbed@triembed.org</a><br>
<a href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org" rel="noreferrer" target="_blank">http://mail.triembed.org/mailm<wbr>an/listinfo/triembed_triembed.<wbr>org</a><br>
TriEmbed web site: <a href="http://TriEmbed.org" rel="noreferrer" target="_blank">http://TriEmbed.org</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</span></div>
<br>
______________________________<wbr>_________________<br>
Triangle, NC Embedded Computing mailing list<br>
<a href="mailto:TriEmbed@triembed.org" target="_blank">TriEmbed@triembed.org</a><br>
<a href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org" rel="noreferrer" target="_blank">http://mail.triembed.org/mailm<wbr>an/listinfo/triembed_triembed.<wbr>org</a><br>
TriEmbed web site: <a href="http://TriEmbed.org" rel="noreferrer" target="_blank">http://TriEmbed.org</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="m_-6428859322794177846gmail_signature">------------------------------<wbr>------------------------------<wbr>-------------------<br>
Carl J. Nobile (Software Engineer)<br>
<a href="mailto:carl.nobile@gmail.com" target="_blank">carl.nobile@gmail.com</a><br>
------------------------------<wbr>------------------------------<wbr>-------------------</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">-------------------------------------------------------------------------------<br>Carl J. Nobile (Software Engineer)<br><a href="mailto:carl.nobile@gmail.com" target="_blank">carl.nobile@gmail.com</a><br>-------------------------------------------------------------------------------</div>
</div>