Gitolite configuration directions are insecure
Bug #1424294 reported by
Ian Nicholson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Server Guide |
New
|
Undecided
|
Unassigned |
Bug Description
Relevant instructions:
$cp ~/.ssh/id_rsa.pub /tmp/$(whoami).pub
Let's switch to the git user and import the administrator's key into gitolite.
$sudo su - git
$gl-setup /tmp/*.pub"
The directions should explicitly import only the public key that the user means to import. My understanding is that keys shouldn't ever be stored in /tmp, since it's world writeable.
To post a comment you must log in.
Link: https:/ /help.ubuntu. com/14. 04/serverguide/ git.html# git-configuring -gitolite