Monday, January 1, 2018
Git on the Server Setting Up the Server
Git on the Server Setting Up the Server
Setting Up the Server
Let�s walk through setting up SSH access on the server side. In this example, you�ll use the
authorized_keys method for authenticating your users. We also assume you�re running a standard Linux distribution like Ubuntu. First, you create a git user and a .ssh directory for that user.$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh
Next, you need to add some developer SSH public keys to the
authorized_keys file for that user. Let�s assume you�ve received a few keys by e-mail and saved them to temporary files. Again, the public keys look something like this:$ cat /tmp/id_rsa.john.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L
ojG6rs6hPB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4k
Yjh6541NYsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9Ez
Sdfd8AcCIicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myiv
O7TCUSBdLQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPq
dAv8JggJICUvax2T9va5 gsg-keypair
You just append them to your
authorized_keys file:$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running
git init with the --bare option, which initializes the repository without a working directory:$ cd /opt/git
$ mkdir project.git
$ cd project.git
$ git --bare init
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let�s use
gitserver as the hostname of the server on which you�ve set up your git user and repository. If you�re running it internally, and you set up DNS forgitserver to point to that server, then you can use the commands pretty much as is:# on Johns computer
$ cd myproject
$ git init
$ git add .
$ git commit -m initial commit
$ git remote add origin git@gitserver:/opt/git/project.git
$ git push origin master
At this point, the others can clone it down and push changes back up just as easily:
$ git clone git@gitserver:/opt/git/project.git
$ cd project
$ vim README
$ git commit -am fix for the README file
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
As an extra precaution, you can easily restrict the git user to only doing Git activities with a limited shell tool called
git-shell that comes with Git. If you set this as your git user�s login shell, then the git user can�t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user�s login shell. To do so, you�ll likely have to edit your /etc/passwd file:$ sudo vim /etc/passwd
At the bottom, you should find a line that looks something like this:
git:x:1000:1000::/home/git:/bin/sh
Change
/bin/sh to /usr/bin/git-shell (or run which git-shell to see where it�s installed). The line should look something like this:git:x:1000:1000::/home/git:/usr/bin/git-shell
Now, the git user can only use the SSH connection to push and pull Git repositories and can�t shell onto the machine. If you try, you�ll see a login rejection like this:
$ ssh git@gitserver
fatal: What do you think I am? A shell?
Connection to gitserver closed.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment