Is it possible to setup Gerrit for GIT without using per person SSH certificates
https://stackoverflow.com//questions/22018602
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
I am trying to setup GIT + GERRIT infrastructure for my team. We are part of bigger company. Company with procedures and practices.
Upto now we have been using SVN, which allows for LDAP authentication. We basically were able to commit using username and password.
Now I have been struggling for several days with the GIT configuration. I know that theoretically speaking it is possible to configure GIT to use such pairs of username/password for the commits instead of SSH certificates.
However, I am pretty decided on code reviews and GERRIT. Now as I started reading it seems that there is no way to configure account in GERRIT if you do not configure SSH key for it. This seems to me like double authentication as we already expose Gerrit through https and have credentials for controlling the access. Also I do not think I have the influence to make the admins either:
- provide per account SSH keys through the LDAP
- configure the keys for each instance of Gerrit (as we have many repositories we want to migrate)
Currently if I do not find a way around that maybe my quest for migration to GIT will fail. Is there a way to configure GIT to work with gerrit without providing per person SSH certificate? I still need to be able to distinguish as commiters all the users in significant LDAP directory.
Solução
Is there a way to configure GIT to work with gerrit without providing per person SSH certificate?
Yes. Gerrit supports encrypted git communication through either ssh or https. ssh requires keys, https uses a username/(Gerrit-generated)password. You can disable ssh if you don't want to use keys - this is what Google does for their Gerrit servers (see https://android-review.googlesource.com/)
Also I do not think I have the influence to make the admins either:
- provide per account SSH keys through the LDAP
- configure the keys for each instance of Gerrit (as we have many repositories we want to migrate)
Fortunately you don't need to do this with Gerrit. Gerrit uses a built-in ssh server, it does not use the server's standard ssh server. Users create their own ssh keys locally, and upload them to Gerrit through the web interface. You don't need the admins to provide or configure keys.
