2.3. Git

2.3.1. Diamond Light Source Git server

The DLS Git server cannot be accessed from outside the Diamond network, and requires authorisation. Anonymous access is not supported. Access is controlled by SSH keys (using Gitolite).

Once you have been authorised, you will need to send your public SSH key(s) to the DLS Git repository administrator (there are no security problems with publishing your public key(s); that’s why they’re called public).

Once you have been registered with the DLS Git server, you can see what repositories you have access to, by issuing the following:

ssh dascgitolite@dasc-git.diamond.ac.uk info  # issue command exactly as it appears, don't change the userid
                                              # if you are prompted for a password, there is an error in the setup

2.3.2. GitHub server

GitHub can be accessed from anywhere, and authentication is optional.

Access is controlled by SSH keys.

2.3.3. Creating an SSH keypair

The simplest cross-platform way to generate an SSH keypair is from within Eclipse itself, at Window ‣ Preferences ‣ General ‣ Network Connections ‣ SSH2 ‣ Key Management. Be careful not to overwrite any existing keys that you are using.

There are many instructions on the web for setting up an SSH key pair from the command line:

  • One set is GitHub’s instructions. Follow the Set Up SSH Keys section, stopping when you come to the step Add your SSH key to GitHub (you don’t actually need to set up a GitHub account, unless you want to).
  • DLS users might also want to look at the relevant Diamond Intranet page, which includes instructions on using a key pair to enable SSH between Diamond machines without entering your password.

2.3.3.1. Security Notes

When you generate a new key pair, use RSA encryption in preference to DSA. It is possible to have multiple key pairs, each one dedicated for a specific service or role.

You must keep your private key(s) absolutely secure. The private key file (default name: ~/.ssh/id_rsa) must be readable only by you.

If you need to access the Git repositories from more than one location:

  • You don’t need to copy your private key from one machine to another; if you do copy it, make sure the copy is done in a secure manner. Alternatively, generate a new key pair at each location.
  • Provide a copy of each public key to the DLS Git repository administrator. Multiple keys for one user are OK.

It is normally recommended that you protect your private key file with a passphrase. However, note that command line Buckminster cannot materialize from Git repositories if your private key has a passphrase.

  • Without a passphrase, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key.

  • Do not forget your passphrase. There is no way to recover it.

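  • (Linux) This command will list all your private key files that do not have a passphrase. It matches only files containing "BEGIN RSA PRIVATE KEY", so keys stored in other formats are not listed:

    find ~/.ssh -type f -exec grep -l "BEGIN RSA PRIVATE KEY" {} \; | xargs -I {} grep -L "Proc-Type" {}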
    
  • (Linux) You can add, change or remove the passphrase for an existing private key file (this does not change your public key):

    ssh-keygen -p -f ~/.ssh/id_rsa  # the -f option specifies the name of your private key file
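
The find command above only matches legacy PEM RSA keys. As an added example (not part of the original guide), the script below generalises that check: it also recognises keys in the "BEGIN OPENSSH PRIVATE KEY" and PKCS#8 formats, and reports key files that are accessible to anyone other than the owner. The function names key_state, audit_keys and make_samples are hypothetical, and the sample files are constructed headers with no real key material.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.
# Reads key files only; never prints key material.

# key_state FILE -> prints: encrypted | unencrypted | not-a-key
key_state() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        # Decoded body = 15-byte magic "openssh-key-v1\0", a 4-byte length,
        # then the cipher name. Length 4 + "none" means no passphrase.
        hdr=$(sed '/^-----/d' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
              dd bs=1 skip=15 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n')
        if [ "$hdr" = 000000046e6f6e65 ]; then echo unencrypted
        else echo encrypted; fi ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo encrypted ;;    # PKCS#8
    "-----BEGIN PRIVATE KEY-----") echo unencrypted ;;            # PKCS#8
    "-----BEGIN "*" PRIVATE KEY-----")
        # Legacy PEM (RSA, DSA, EC): Proc-Type header present only if encrypted.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *) echo not-a-key ;;
    esac
}

# audit_keys DIR -> one finding per line; no output means nothing to fix
audit_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(key_state "$f")
        if [ "$state" = not-a-key ]; then continue; fi
        if [ "$state" = unencrypted ]; then echo "NO-PASSPHRASE $f"; fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "LOOSE-PERMS $f"
        fi
    done
}

# make_samples DIR: write constructed header-only files (no real key material)
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$1/legacy_enc"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$1/legacy_plain"
    { echo '-----BEGIN OPENSSH PRIVATE KEY-----'
      printf 'openssh-key-v1\000\000\000\000\004none' | base64; } > "$1/new_plain"
    chmod 600 "$1/legacy_enc" "$1/legacy_plain" "$1/new_plain"
}

# Usage: sh audit_keys.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_keys "$1"; fi
```

A NO-PASSPHRASE finding can be resolved with the ssh-keygen -p command shown above, and a LOOSE-PERMS finding with chmod 600 on the file.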
    

See also

Eclipse EGit User Guide
The official guide to EGit (Eclipse integration with Git), including a section on GitHub