You are here: Foswiki>IN Web>Services>Git (20 Jan 2023, BenjaminPeter)Edit Attach


ACO is running a gitea installation for controls related software.


The server is only available inside the GSI Network. No internet service.

Gitea is attached to the ACO Identity Management. To apply for an account see UserAccount.

For git protocol access https (with username/password) and ssh (with public private keys, see also SshAgent) is available.

Access permissions for repositories are administrated by their respective owners.

Note: kerberos authentication is not possible. It collides with giteas cookie based authentication mechanisms.


Any user has his own organization (equals username). Additional organizations can be created. The names of organizations may not collide with usernames.


Each organization has a special team "Owners". This team can't be deleted or renamed and has full access to all repositories in the organization.

Additional teams can be created by the organization owners.

Repositories must be assigned to teams to apply permissions.

Teams can be synchronized with ldap groups. For this add ldap=GROUP to the teams description. Multiple groups can be merged (ldap=GROUP1 ldap=GROUP2). Ldap synchronizations happens asynchronous. Manual changes to a synchronized team are possible (for example to grant immediate access), but will be overwritten on the next sync.


for protected/private projects that should be accessed by jenkins grant permissions to the user cibuild. Jenkins projects should then be configured use the https url and the credentials for cibuild.

Wiki and Bugtracker

There has been no decision if bugzilla will be replaced with the gitea bugtracker.

If we ever migrate to a different git management system only git repositories will be migrated.

Git Server SSH Hostkey

Recent openssh version (archlinux, rhel9, etc) will prevent access to legacy ciphers. Until we replace the gitea config modify you need to modify local ssh config (~/.ssh/config)

        HostKeyAlgorithms +ssh-rsa
        PubkeyAcceptedKeyTypes +ssh-rsa

and once we replace the gitea config everyone will get a changed-ssh-key error.

Git Client SSH key

ssh rsa keys won't work with el9 clients. Time to switch to a newer crypto. ssh-keygen -t ed25519

-- ChristophHandel - 20 Feb 2019
Topic revision: r7 - 20 Jan 2023, BenjaminPeter
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback