From 079319e283b4fb903254d3fa6bb1a3bd070bd4d5 Mon Sep 17 00:00:00 2001 From: "David T. Sadler" Date: Sat, 29 May 2021 22:35:33 +0100 Subject: Setting up a Self Hosted Git Server --- gemini/index.gmi | 2 + .../setting-up-a-self-host-git-server/index.gmi | 132 +++++++++++++++++++++ gemini/posts/git/index.gmi | 11 ++ www/index.html | 2 +- www/posts/atom.xml | 36 +++++- .../setting-up-a-self-host-git-server/index.html | 51 ++++++++ www/posts/git/atom.xml | 43 +++++++ www/posts/git/index.html | 25 ++++ www/sitemap.xml | 4 + 9 files changed, 304 insertions(+), 2 deletions(-) create mode 100644 gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi create mode 100644 gemini/posts/git/index.gmi create mode 100644 www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html create mode 100644 www/posts/git/atom.xml create mode 100644 www/posts/git/index.html diff --git a/gemini/index.gmi b/gemini/index.gmi index 2e71726..722f05f 100644 --- a/gemini/index.gmi +++ b/gemini/index.gmi @@ -4,6 +4,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab ## Latest Posts +=> /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server => /posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/ 2021-05-28 - Pre and Post Validation Hooks with Certbot => /posts/letsencrypt/2021-05-27/wildcard-certificates-with-lets-encrypt/ 2021-05-27 - Wildcard Certificates with Let's Encrypt => /posts/nextcloud/2021-02-15/accessing-nextcloud-with-webdav-on-arch/ 2021-02-15 - Accessing Nextcloud With WebDAV on Arch @@ -31,6 +32,7 @@ Hello and welcome to my little bit of the internet where I occasionally write ab => /posts/arch/ Arch => /posts/gemini/ Gemini +=> /posts/git/ Git => /posts/jigsaw/ Jigsaw => /posts/laravel/ Laravel => /posts/letsencrypt/ Let's Encrypt diff --git a/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi new file mode 100644 index 0000000..9729b24 --- /dev/null +++ b/gemini/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.gmi @@ -0,0 +1,132 @@ +# Setting up a Self Hosted Git Server + +> Sat 29th May 2021 By David T. Sadler. + +I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves. + +* Installing git. +* Creating a git user. +* Setting up ssh so that I can log into the sever securely as the git user. +* Creating a test repository on the server. +* Creating a test project on my local machine. +* Pushing the test project to the git sever. + +## Installing Git + +Since its an Ubuntu server installing git is as simple as. + +```shell +$ sudo apt install git-core +``` + +## Creating a User + +The git user will serve two purposes. + +* The repositories will be stored in the user's home directory. +* The user account will contain the public ssh keys of remote users that can access the repositories. + + +```shell +$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git +``` + +* --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option. +* --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh. +* --group Creates a group that is the same name as the user. +* --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed. +* --home /home/git The home directory for the user. + +## Setting up SSH + +On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account. + +The below commands create the required .ssh directory and authorized_keys file with the correct permissions. + +```shell +$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys +``` + +Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. + +```shell +$ sudo vim /home/git/.ssh/authorized_keys +``` + +Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key. + +```shell +$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair +``` + +On my local machine I can test ssh access. + +```shell +$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access. +``` + +The message that comes back indicates that ssh is working and that the git-shell is been used. + +## Creating a Test Repository + +An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out. + +```shell +$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main +``` + +## Creating a Test Project + +Back on my local machine I can create a test project and push it to the remote server. + +```shell +$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main +``` + +I can also test that I can clone the repository. + +```shell +rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git +``` + +### Links + +=> /posts/git/ Git - Read More Posts. + +I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. + +=> mailto:david@davidtsadler.com Email david@davidtsadler.com + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/gemini/posts/git/index.gmi b/gemini/posts/git/index.gmi new file mode 100644 index 0000000..67bc17d --- /dev/null +++ b/gemini/posts/git/index.gmi @@ -0,0 +1,11 @@ +# The Home of David T. Sadler - All Posts About Git + +=> /posts/git/2021-05-29/setting-up-a-self-host-git-server/ 2021-05-29 - Setting up a Self Hosted Git Server + +### License + +=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. + +Copyright © 2021 David T. Sadler. + +=> / Return to Homepage. diff --git a/www/index.html b/www/index.html index a104a2b..a66f580 100644 --- a/www/index.html +++ b/www/index.html @@ -18,7 +18,7 @@ -

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiJigsawLaravelLet's EncryptLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

+

The Home of David T. Sadler

Hello and welcome to my little bit of the internet where I occasionally write about things that interest me. You might find my posts interesting or you might not and that's okay.

Latest Posts

2021-05-29 - Setting up a Self Hosted Git Server2021-05-28 - Pre and Post Validation Hooks with Certbot2021-05-27 - Wildcard Certificates with Let's Encrypt2021-02-15 - Accessing Nextcloud With WebDAV on Arch2021-02-08 - How to Host Your Own Gemini Site in the Cloud2021-01-18 - Installing PHP 8 for Windows 102020-12-21 - Installing Laravel Homestead in Arch Linux2020-12-14 - SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed2020-09-07 - Installing Zsh and Powerlevel10k on Arch Linux2020-08-31 - Enabling Audio in Arch Linux2020-08-24 - Pacman Cheat Sheet For Ubuntu Users2020-08-17 - Installing ST, DMENU and DWM in Arch Linux2020-07-13 - Sudo: sorry, you must have a tty to run sudo2020-06-22 - Granting Sudo Access to a User in Arch Linux2020-06-15 - Adding a User in Arch Linux2020-06-08 - Publishing Jigsaw Posts With Netlify Build Hooks2020-06-01 - Scheduling Posts in Jigsaw2020-05-25 - Installing Arch Linux on a Thinkpad X2202020-03-30 - Creating an Ebook With Markdown

All Posts

Post Archive

Tags

ArchGeminiGitJigsawLaravelLet's EncryptLinuxMarkdownNetlifyNextcloudPHP

Where to Find Me

GitHubGemini SiteEmail david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

diff --git a/www/posts/atom.xml b/www/posts/atom.xml index c8a3a38..79f3a7c 100644 --- a/www/posts/atom.xml +++ b/www/posts/atom.xml @@ -4,8 +4,42 @@ https://davidtsadler.com/posts/atom.xml - 2021-05-28T12:00:00Z + 2021-05-29T12:00:00Z + Setting up a Self Hosted Git Server + https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html + + David T. Sadler. + 2021-05-29T12:00:00Z + 2021-05-29T12:00:00Z + <h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + Pre and Post Validation Hooks with Certbot https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html diff --git a/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html b/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html new file mode 100644 index 0000000..81bfebc --- /dev/null +++ b/www/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html @@ -0,0 +1,51 @@ + + + + + + Setting up a Self Hosted Git Server + + + + + + + + + + + + + + +

Setting up a Self Hosted Git Server

Sat 29th May 2021 By David T. Sadler.

I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.

  • Installing git.
  • Creating a git user.
  • Setting up ssh so that I can log into the sever securely as the git user.
  • Creating a test repository on the server.
  • Creating a test project on my local machine.
  • Pushing the test project to the git sever.

Installing Git

Since its an Ubuntu server installing git is as simple as.

$ sudo apt install git-core

Creating a User

The git user will serve two purposes.

  • The repositories will be stored in the user's home directory.
  • The user account will contain the public ssh keys of remote users that can access the repositories.
$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git
  • --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.
  • --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.
  • --group Creates a group that is the same name as the user.
  • --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.
  • --home /home/git The home directory for the user.

Setting up SSH

On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.

The below commands create the required .ssh directory and authorized_keys file with the correct permissions.

$ sudo mkdir /home/git/.ssh
+$ sudo chown git:git /home/git/.ssh
+$ sudo chmod 700 /home/git/.ssh
+$ sudo touch /home/git/.ssh/authorized_keys
+$ sudo chown git:git /home/git/.ssh/authorized_keys
+$ sudo chmod 600 /home/git/.ssh/authorized_keys

Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. 

$ sudo vim /home/git/.ssh/authorized_keys

Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.

$ sudo cat /home/git/.ssh/authorized_keys
+
+no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa
+AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h
+PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N
+YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC
+IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd
+LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ
+ICUvax2T9va5 gsg-keypair

On my local machine I can test ssh access.

$ ssh git.davidtsadler.com
+
+fatal: Interactive git shell is not enabled.
+hint: ~/git-shell-commands should exist and have read and execute access.

The message that comes back indicates that ssh is working and that the git-shell is been used.

Creating a Test Repository

An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.

$ sudo git init --bare /home/git/test.git/
+$ sudo chown -R git:git /home/git/test.git/
+$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main

Creating a Test Project

Back on my local machine I can create a test project and push it to the remote server.

$ mkdir test
+$ cd test
+$ git init
+$ touch readme
+$ git add .
+$ git commit -m 'Initial commit'
+$ git remote add origin git@git.davidtsadler.com:/home/git/test.git
+$ git push origin main

I can also test that I can clone the repository.

rm -rf test
+git clone git@git.davidtsadler.com:/home/git/test.git

Links

Git - Read More Posts.

I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.

Email david@davidtsadler.com

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+ + + + diff --git a/www/posts/git/atom.xml b/www/posts/git/atom.xml new file mode 100644 index 0000000..69e1abf --- /dev/null +++ b/www/posts/git/atom.xml @@ -0,0 +1,43 @@ + + + The Home of David T. Sadler - All Posts About Git + https://davidtsadler.com/posts/git/atom.xml + + + 2021-05-29T12:00:00Z + + Setting up a Self Hosted Git Server + https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html + + David T. Sadler. + 2021-05-29T12:00:00Z + 2021-05-29T12:00:00Z + <h1>Setting up a Self Hosted Git Server</h1><blockquote>Sat 29th May 2021 By David T. Sadler.</blockquote><p>I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.</p><ul><li>Installing git.</li><li>Creating a git user.</li><li>Setting up ssh so that I can log into the sever securely as the git user.</li><li>Creating a test repository on the server.</li><li>Creating a test project on my local machine.</li><li>Pushing the test project to the git sever.</li></ul><h2>Installing Git</h2><p>Since its an Ubuntu server installing git is as simple as.</p><pre><code class="shell">$ sudo apt install git-core</code></pre><h2>Creating a User</h2><p>The git user will serve two purposes.</p><ul><li>The repositories will be stored in the user's home directory.</li><li>The user account will contain the public ssh keys of remote users that can access the repositories.</li></ul><pre><code class="shell">$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git</code></pre><ul><li>--system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.</li><li>--shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.</li><li>--group Creates a group that is the same name as the user.</li><li>--disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.</li><li>--home /home/git The home directory for the user.</li></ul><h2>Setting up SSH</h2><p>On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.</p><p>The below commands create the required .ssh directory and authorized_keys file with the correct permissions.</p><pre><code class="shell">$ sudo mkdir /home/git/.ssh +$ sudo chown git:git /home/git/.ssh +$ sudo chmod 700 /home/git/.ssh +$ sudo touch /home/git/.ssh/authorized_keys +$ sudo chown git:git /home/git/.ssh/authorized_keys +$ sudo chmod 600 /home/git/.ssh/authorized_keys</code></pre><p>Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. </p><pre><code class="shell">$ sudo vim /home/git/.ssh/authorized_keys</code></pre><p>Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.</p><pre><code class="shell">$ sudo cat /home/git/.ssh/authorized_keys + +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa +AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h +PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N +YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC +IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd +LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ +ICUvax2T9va5 gsg-keypair</code></pre><p>On my local machine I can test ssh access.</p><pre><code class="shell">$ ssh git.davidtsadler.com + +fatal: Interactive git shell is not enabled. +hint: ~/git-shell-commands should exist and have read and execute access.</code></pre><p>The message that comes back indicates that ssh is working and that the git-shell is been used.</p><h2>Creating a Test Repository</h2><p>An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.</p><pre><code class="shell">$ sudo git init --bare /home/git/test.git/ +$ sudo chown -R git:git /home/git/test.git/ +$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main</code></pre><h2>Creating a Test Project</h2><p>Back on my local machine I can create a test project and push it to the remote server.</p><pre><code class="shell">$ mkdir test +$ cd test +$ git init +$ touch readme +$ git add . +$ git commit -m 'Initial commit' +$ git remote add origin git@git.davidtsadler.com:/home/git/test.git +$ git push origin main</code></pre><p>I can also test that I can clone the repository.</p><pre><code class="shell">rm -rf test +git clone git@git.davidtsadler.com:/home/git/test.git</code></pre><h3>Links</h3><a href="/posts/git/">Git - Read More Posts.</a><p>I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.</p><a href="mailto:david@davidtsadler.com">Email david@davidtsadler.com</a><h3>License</h3><a href="https://creativecommons.org/licenses/by-sa/4.0/">The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.</a><p>Copyright © 2021 David T. Sadler.</p><a href="/">Return to Homepage.</a> + + \ No newline at end of file diff --git a/www/posts/git/index.html b/www/posts/git/index.html new file mode 100644 index 0000000..a327641 --- /dev/null +++ b/www/posts/git/index.html @@ -0,0 +1,25 @@ + + + + + + The Home of David T. Sadler - All Posts About Git + + + + + + + + + + + + + + +

The Home of David T. Sadler - All Posts About Git

2021-05-29 - Setting up a Self Hosted Git Server

License

The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Copyright © 2021 David T. Sadler.

Return to Homepage.
+ + + + diff --git a/www/sitemap.xml b/www/sitemap.xml index 13e5880..5a714ab 100644 --- a/www/sitemap.xml +++ b/www/sitemap.xml @@ -1,6 +1,10 @@ + https://davidtsadler.com/posts/git/2021-05-29/setting-up-a-self-host-git-server/index.html + 2021-05-29T12:00:00Z + never + https://davidtsadler.com/posts/letsencrypt/2021-05-28/pre-and-post-validation-hooks-with-certbot/index.html 2021-05-28T12:00:00Z never -- cgit v1.2.3-13-gbd6f