gitsshprivate-keyassembla

Best practice for using git private key on a public server with a shared user


I Currently use some servers to do some benchmarks. I need to log into multiple servers and git clone ... from assembla.

Currently I copy my private key to the server and then update the .ssh/config file. Although I share this user and server with other people to do their benchmarks. What is the best practice for this(without creating a new user for everyone on the server). Is there anyway I can use ssh-add key then use git on the server and pull the repo without storing the key on the server?


Solution

  • Enable SSH agent forwarding

    Since you're using key-based authentication, the best solution is to allow forwarding of the authentication agent connection over the secure channel. If your public key is stored on the last server, there’s no need to store your corresponding private key on the intermediate host.

    Since the default client setting is not to forward the authentication agent to the remote host, you should enable agent forwarding in your client configuration. Add the following line to your ~/.ssh/config:

    Host intermediate.server.name
        ForwardAgent yes
    

    On the server, the default is to enable Agent Forwarding but in case it has been disabled, you should ensure that the following line is uncommented in the server’s SSHD configuration (usually /etc/sshd_config).

    AllowAgentForwarding yes
    

    GitHub have a good article on Using SSH agent forwarding which references Steve Friedl's comprehensive Guide to SSH Agent Forwarding.