<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Oh, got it. The how-to Robert pointed to via private email is no
doubt exactly this approach, and that may be very valuable to me
some other day, but for now I can just treat GitHub as a parent of
an Atlassian repo and get on with my life. <br>
<br>
Thanks again!<br>
<br>
-Pete<br>
<br>
<div class="moz-cite-prefix">On 10/09/2017 03:43 PM, Carl Nobile
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAGQqDQL+Mp5sh=pFzN+pSCqGfYpJoYs2kqmO41g+Qm0mxYJMug@mail.gmail.com">
<div dir="ltr">Pete, they would not be logging into the server
with a UNIX shell account, this would only be an authenticated
request to the git server running on your server. Git handles
this and it is exactly hos GitHub and Bitbucket works.
<div><br>
</div>
<div>~Carl</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 9, 2017 at 3:39 PM, Pete
Soper <span dir="ltr"><<a href="mailto:pete@soper.us"
target="_blank" moz-do-not-send="true">pete@soper.us</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class=""> <br>
<br>
<div class="m_-6428859322794177846moz-cite-prefix">On
10/09/2017 03:28 PM, Carl Nobile wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
Pete,
<div><br>
</div>
<div>Here is my two-cents.</div>
<div><br>
</div>
If you have git running on a local server there is a
way to set it up to use ssh. It must be set up on
the server side to do this correctly. I've done it
before, but it was a few years ago. You would use a
URL similar to this, "<a
href="mailto:git@github.com" target="_blank"
moz-do-not-send="true">git@github.com</a>:<path
to git repo>.git" to access the repo. After the
server is setup then you will need to acquire the
public ssh keys, usually in a file named
".ssh/id_rsa.pub" from the user. This can be sent in
email, but never send the private key. Once the
public key is in the ".ssh/authorized_keys" file of
the account used by the git server the person can
log in. Sounds more complicated than it really is.</div>
</blockquote>
</span> Thanks for the extra detail.<br>
<br>
It's "the person can log in" part that would cause my ISP
of the past 17 years to fire me as a customer in a New
York minute. Anything that could be possibly interpreted
as "login to an interactive shell command line session"
collides with terms and conditions. <br>
<span class="HOEnZb"><font color="#888888"> <br>
-Pete</font></span>
<div>
<div class="h5"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div><br>
</div>
<div>I set this up for the Humanoid robotics
project, but I doubt they are still using it. It
is really a lot easier to use a GitHub account
which I think they use now.<br>
<div><br>
</div>
<div>~Carl</div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 9, 2017
at 2:35 PM, Pete Soper via TriEmbed <span
dir="ltr"><<a
href="mailto:triembed@triembed.org"
target="_blank" moz-do-not-send="true">triembed@triembed.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span
class="m_-6428859322794177846gmail-">
<br>
<br>
<div
class="m_-6428859322794177846gmail-m_-5346801561523100640moz-cite-prefix">On
10/09/2017 02:07 PM, Robert
Gasiorowski wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Instead of
password, why don't you use rsa
keys? That way, you don't have
to give your password away.
<div>Create two sets of rsa
keys, one for you and one for
the user, then add both
private keys to
authorized_keys on the server,
you keep your private key, and
the user will get the second
private key.</div>
</div>
</blockquote>
<br>
</span> Thanks, Bob! This is what I
meant by "second ssh password". I'm
98% sure I can follow some detailed
steps to accomplish this, but it isn't
sufficient: somebody could simply log
into the server and do anything at all
with the session. I think I need for
the login program (i.e. typically a
shell) to somehow know what password
was used for the login. <br>
<br>
But while dealing with a phone call
private msg got here. If that works
I'll publish a cheat sheet in case
anybody is interested.<span
class="m_-6428859322794177846gmail-HOEnZb"><font
color="#888888"><br>
<br>
-Pete </font></span><span
class="m_-6428859322794177846gmail-">
<blockquote type="cite">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon,
Oct 9, 2017 at 1:51 PM, Pete
Soper via TriEmbed <span
dir="ltr"><<a
href="mailto:triembed@triembed.org"
target="_blank"
moz-do-not-send="true">triembed@triembed.org</a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Folks,<br>
I have a problem that is
off topic, but there is past
precedent for us helping
each other with whatever.
I'm hoping somebody can sit
with me and my laptop for a
few minutes at tonight's
meeting and help me
implement a secure but
strictly limited access
scenario with my personal
domain server.<br>
<br>
I have a git repo on my
personal domain server and
can push/pull remotely using
my user account id and
password on a server running
an old version of CentOS
(2.6 kernel).<br>
<br>
What I need is to enable
alternate access by a second
party where the person doing
the access a) cannot use it
for anything except a git
push or pull, b) uses a
different password from my
regular one, and c) can
instantly lose this access
if I'm told by my ISP that
this dog won't hunt in
regards to his terms of
service.<br>
<br>
My simple minded
understanding of this is
that I need to arrange a
second ssh password, which I
think I can figure out, and
somehow only allow that
password to be used for git
commands (which I have no
clue about). I think this
latter detail is either
impossible without a second
user account on the server,
and that isn't an option, or
else with some additional
authentication magic that
recognizes my regular
password and proceeds or
this other password that
redefines PATH or something
to make all but git
inaccessible. Or maybe
somebody knows of a
virtually nearby log I can
fall over.<br>
<br>
<br>
-Pete<br>
<br>
<br>
______________________________<wbr>_________________<br>
Triangle, NC Embedded
Computing mailing list<br>
<a
href="mailto:TriEmbed@triembed.org"
target="_blank"
moz-do-not-send="true">TriEmbed@triembed.org</a><br>
<a
href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://mail.triembed.org/mailm<wbr>an/listinfo/triembed_triembed.<wbr>org</a><br>
TriEmbed web site: <a
href="http://TriEmbed.org"
rel="noreferrer"
target="_blank"
moz-do-not-send="true">http://TriEmbed.org</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</span></div>
<br>
______________________________<wbr>_________________<br>
Triangle, NC Embedded Computing mailing
list<br>
<a href="mailto:TriEmbed@triembed.org"
target="_blank" moz-do-not-send="true">TriEmbed@triembed.org</a><br>
<a
href="http://mail.triembed.org/mailman/listinfo/triembed_triembed.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://mail.triembed.org/mailm<wbr>an/listinfo/triembed_triembed.<wbr>org</a><br>
TriEmbed web site: <a
href="http://TriEmbed.org"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://TriEmbed.org</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div
class="m_-6428859322794177846gmail_signature">------------------------------<wbr>------------------------------<wbr>-------------------<br>
Carl J. Nobile (Software Engineer)<br>
<a href="mailto:carl.nobile@gmail.com"
target="_blank" moz-do-not-send="true">carl.nobile@gmail.com</a><br>
------------------------------<wbr>------------------------------<wbr>-------------------</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div class="gmail_signature" data-smartmail="gmail_signature">-------------------------------------------------------------------------------<br>
Carl J. Nobile (Software Engineer)<br>
<a href="mailto:carl.nobile@gmail.com" target="_blank"
moz-do-not-send="true">carl.nobile@gmail.com</a><br>
-------------------------------------------------------------------------------</div>
</div>
</blockquote>
<br>
</body>
</html>