blob: 9729b24729344d1a5b71e279f81f7a3b90506e9e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# Setting up a Self Hosted Git Server
> Sat 29th May 2021 By David T. Sadler.
I've always liked the idea of self hosting some of my git repositories. After a bit of research I found that it involves.
* Installing git.
* Creating a git user.
* Setting up ssh so that I can log into the sever securely as the git user.
* Creating a test repository on the server.
* Creating a test project on my local machine.
* Pushing the test project to the git sever.
## Installing Git
Since its an Ubuntu server installing git is as simple as.
```shell
$ sudo apt install git-core
```
## Creating a User
The git user will serve two purposes.
* The repositories will be stored in the user's home directory.
* The user account will contain the public ssh keys of remote users that can access the repositories.
```shell
$ sudo adduser --system --shell /usr/bin/git-shell --group --disabled-password --home /home/git git
```
* --system Creates a system user user. Not strictly required but since this is not a normal user account I prefer to use this option.
* --shell /usr/bin/git-shell Restrict the git user to only git related activities. This also prevents remote users from obtaining a shell by logging in via ssh. Note that git-shell does not prevent normal git operations, such as pull and push, from working over ssh.
* --group Creates a group that is the same name as the user.
* --disabled-password Prevent logging in with a password. The use of ssh keys is still allowed.
* --home /home/git The home directory for the user.
## Setting up SSH
On my local machine git will use ssh to connect to the remote server as the git user. In order to do this I will need to copy my public ssh key to the git user account.
The below commands create the required .ssh directory and authorized_keys file with the correct permissions.
```shell
$ sudo mkdir /home/git/.ssh
$ sudo chown git:git /home/git/.ssh
$ sudo chmod 700 /home/git/.ssh
$ sudo touch /home/git/.ssh/authorized_keys
$ sudo chown git:git /home/git/.ssh/authorized_keys
$ sudo chmod 600 /home/git/.ssh/authorized_keys
```
Now I can copy the public ssh key of anyone who needs access to the repositories. There are a few ways of doing this and I tend to just edit the authorized_keys file and manually copy and paste the keys into it.
```shell
$ sudo vim /home/git/.ssh/authorized_keys
```
Note that to prevent ssh port forwarding via the git user account I prepend the no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty options to the key.
```shell
$ sudo cat /home/git/.ssh/authorized_keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h
PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N
YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC
IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd
LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ
ICUvax2T9va5 gsg-keypair
```
On my local machine I can test ssh access.
```shell
$ ssh git.davidtsadler.com
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
```
The message that comes back indicates that ssh is working and that the git-shell is been used.
## Creating a Test Repository
An empty repository is setup by running git init with the --bare option. I also ensure that the git user owns the repository and that main will be the default branch when its checked out.
```shell
$ sudo git init --bare /home/git/test.git/
$ sudo chown -R git:git /home/git/test.git/
$ sudo git --git-dir=/home/git/test.git/ symbolic-ref HEAD refs/heads/main
```
## Creating a Test Project
Back on my local machine I can create a test project and push it to the remote server.
```shell
$ mkdir test
$ cd test
$ git init
$ touch readme
$ git add .
$ git commit -m 'Initial commit'
$ git remote add origin git@git.davidtsadler.com:/home/git/test.git
$ git push origin main
```
I can also test that I can clone the repository.
```shell
rm -rf test
git clone git@git.davidtsadler.com:/home/git/test.git
```
### Links
=> /posts/git/ Git - Read More Posts.
I don't have comments as I don't want to manage them. You can however contact me at the below address if you want to.
=> mailto:david@davidtsadler.com Email david@davidtsadler.com
### License
=> https://creativecommons.org/licenses/by-sa/4.0/ The contents of this site is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright © 2021 David T. Sadler.
=> / Return to Homepage.
|
