I’m migrating scripts from one CentOS host to another. (The old one is CentOS 6 and the new one is CentOS 7.) One of the items I want to move is a script that’s part of a git repo.
I know it’s a git repo because it has a
.git directory. The directory and files are owned by a local user,
Where did this git repo come from?
You can call
git config -l and it will tell you things about the repo, including the
remote.origin.url. Now I can tell that it came from my GitHub Enterprise (GHE) instance.
But it doesn’t tell you who created it. And
luser1 doesn’t exist on my GitHub Enterprise instance.
I tried to clone it on the new host, just to see what would happen:
$ sudo -u luser1 git clone firstname.lastname@example.org:team1/the-sauce.git
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Somehow luser1 is able to interact with this repo on the old host, even though the user doesn’t exist in GHE.
Fortunately the local repo has some history:
$ head -n1 .git/logs/HEAD
0000000000000000000000000000000000000000 ab509345a16d987dac10987c4bc2df0c0dfb3ed9 luser1 luser1 <email@example.com> 1505633110 -0500 clone: from firstname.lastname@example.org:team1/the-sauce.git
Right there there it is, all the info I wanted! Except that’s the same user, the user that doesn’t even exist in GitHub Enterprise.
Or does it? I went looking at some of the other users in my GitHub Enterprise instance. There were a few system accounts, and when I checked some of them had several SSH keys associated with the accounts. One of the SSH key fingerprints even said
I wanted to compare that key fingerprint to the key in
/home/luser1/.ssh/id_rsa.pub. I can never remember how to do that, but StackOverflow had the answer on How do I find my RSA key fingerprint?
$ ssh-keygen -lf /home/luser1/.ssh/id_rsa.pub
2048 bb:fc:1c:03:17:5f:67:4f:1f:0b:50:5a:9f:f9:30:e5 /home/luser1/.ssh/id_rsa.pub (RSA)
The fingerprint matches! The SSH key was added to a completely different username in GitHub Enterprise which does have access to the repo.
That works, but why would someone do that? Convenience, I assume, but it wasn’t obvious when I needed to reverse-engineer it!