# Setting up a Self Hosted Git Server > Sat 29th May 2021 By David T. Sadler. I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves. * Installing git. * Creating a git user. * Setting up ssh so that I can log into the sever securely as the git user. * Creating a test repository on the server. * Creating a test project on my local machine. * Pushing the test project to the git sever. ## Installing Git Since its an Ubuntu server installing git is as simple as. ```shell $ sudo apt install git-core ``` ## Creating a User The git user will serve two purposes. * The repositories will be stored in the user's home directory. * The user account will contain the public ssh keys of remote users that can access the repositories. ```shell $ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git ``` * --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option. * --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh. * --group Creates a group that is the same name as the user. * --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed. * --home /home/git The home directory for the user. ## Setting up SSH On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account. The below commands create the required .ssh directory and authorized_keys file with the correct permissions. ```shell $ sudo mkdir /home/git/.ssh $ sudo chown git:git /home/git/.ssh $ sudo chmod 700 /home/git/.ssh $ sudo touch /home/git/.ssh/authorized_keys $ sudo chown git:git /home/git/.ssh/authorized_keys $ sudo chmod 600 /home/git/.ssh/authorized_keys ``` Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it. ```shell $ sudo vim /home/git/.ssh/authorized_keys ``` Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key. ```shell $ sudo cat /home/git/.ssh/authorized_keys no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ ICUvax2T9va5 gsg-keypair ``` On my local machine I can test ssh access. ```shell $ ssh git.davidtsadler.com fatal: Interactive git shell is not enabled. hint: ~/git-shell-commands should exist and have read and execute access. ``` The message that comes back indicates that ssh is working and that the git-shell is been used. ## Creating a Test Repository An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out. ```shell $ sudo git init --bare /home/git/test.git/ $ sudo chown -R git:git /home/git/test.git/ $ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main ``` ## Creating a Test Project Back on my local machine I can create a test project and push it to the remote server. ```shell $ mkdir test $ cd test $ git init $ touch readme $ git add . $ git commit -m 'Initial commit' $ git remote add origin git@git.davidtsadler.com:/home/git/test.git $ git push origin main ``` I can also test that I can clone the repository. ```shell rm -rf test git clone git@git.davidtsadler.com:/home/git/test.git ``` ### Links => /posts/git/ Git - Read More Posts. I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to. => mailto:david@davidtsadler.com Email david@davidtsadler.com ### License => https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Copyright © 2021 David T. Sadler. => / Return to Homepage.