Git Fusion enables Git users to work seamlessly with the Perforce file depot. One of the inital tasks after installing Git Fusion is to set up authentication using either HTTP or SSH. To set up SSH authentication, your users create SSH key pairs, check the public key files into the Perforce server, and then copy them over to Git Fusion.
For this example, you will be a Perforce admin setting up a Git user named Jill on a brand new Git Fusion installation. The first task is creation of an SSH public/private key pair. This is normally completed by issuing the ssh-keygen command on the user’s machine. The two keys will appear in Jill’s home directory.
A copy of the public key, the .pub file, is now forwarded to you, typically via email. Since this is the first time you are installing a key to the Perforce server, you will make a directory on your local workstation to hold the user keys. Create something easily identifiable like /home/admin/keys_to_add/. Next, we create a subdirectory to add Jill’s key. Her Perforce user name is “p4Jill” so you create a subdirectory called p4jill/keys/ and then add the key.
Next, the generic public key from Jill is renamed to something relevant since more than one key might be installed for a particular user. This one is for Jill’s Mac so name it jill_mac_key.pub. With the key added to the subdirectory, the whole path appears as /home/admin/keys_to_add/p4jill/keys/jill_mac_key.pub. It is important to remember to use the actual Perforce user name in the creation of the subdirectory.
Now you need to create a Perforce workspace to add the new keys from your local workstation directly to the correct place on the Perforce server. Create a workspace called “add-user-keys” to map your local directory to the Perforce depot directory that holds the keys. The root will be /home/admin/keys_to_add/ with the view //.git-fusion/users/... You can modify the p4 protections table to limit access to this new keys folder if needed.
To move the key files to the Perforce server, you first issue a standard add command. Then, perform a submit with your changelist description to copy them over to Perforce. It is also possible to enable users to submit their own keys directly to the Perforce server. Now Jill’s key lives on the Perforce server in the git-fusion users directory.
Lastly on the Git Fusion server, run the update authorized keys script as the Git Fusion UNIX service user. This is usually performed as a chron job. The script grabs all the keys in the Perforce //.git- fusion/users/ directory and puts them into the Git Fusion server's authorized keys directory at /home/git/.ssh/authorized_keys.
Once copied to Git Fusion, the keys will be modified by the script so the user only has access to perform Git operations such as clone, pull, and push, but not shell access to the Git fusion server itself. The permissions required to perform typical Git operations is managed separately from this authentication. This concludes the intro to GIt Fusion authentication setup.
Thanks for watching.