Let’s walk through setting up SSH access on the server side. In this example, you’ll use the authorized_keys method for authenticating your users. We also assume you’re running a standard Linux distribution like Ubuntu. First, you create a ‘git’ user and a .ssh directory for that user.
$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh
Next, you need to add some developer SSH public keys to the authorized_keys file for that user. Let’s assume you’ve received a few keys by e-mail and saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/id_rsa.john.pub
You just append them to your
$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:
$ cd /opt/git
$ mkdir project.git
$ cd project.git
$ git --bare init
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let’s use gitserver as the hostname of the server on which you’ve set up your ‘git’ user and repository. If you’re running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is:
# on John's computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'initial commit'
$ git remote add origin git@gitserver:/opt/git/project.git
$ git push origin master
At this point, the others can clone it down and push changes back up just as easily:
$ git clone git@gitserver:/opt/git/project.git
$ cd project
$ vim README
$ git commit -am 'fix for the README file'
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
As an extra precaution, you can easily restrict the ‘git’ user to only doing Git activities with a limited shell tool called git-shell that comes with Git. If you set this as your ‘git’ user’s login shell, then the ‘git’ user can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user’s login shell. To do so, you’ll likely have to edit your
$ sudo vim /etc/passwd
At the bottom, you should find a line that looks something like this:
/usr/bin/git-shell (or run which git-shell to see where it’s installed). The line should look something like this:
Now, the ‘git’ user can only use the SSH connection to push and pull Git repositories and can’t shell onto the machine. If you try, you’ll see a login rejection like this:
$ ssh git@gitserver
fatal: What do you think I am? A shell?
Connection to gitserver closed.
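The key-append step and the git-shell precaution above can be combined when installing keys. The following is an added example, not part of the original text: a hypothetical add_git_key function that accepts only a single bare public key line, prefixes it with OpenSSH's authorized_keys restriction options, and sets 700/600 permissions. The function name, its arguments and the accepted key-type list are assumptions.

```shell
#!/bin/sh
# Added example (not from the original text). add_git_key is a hypothetical
# helper; run it as the 'git' user, e.g.:
#   add_git_key /tmp/id_rsa.john.pub ~/.ssh

# git-shell blocks interactive logins, but a key holder could still ask sshd
# for port, X11 or agent forwarding; these authorized_keys options deny that.
RESTRICT='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# usage: add_git_key <pubkey-file> <ssh-dir>
add_git_key() {
    pub=$1; dir=$2; auth=$dir/authorized_keys

    # A public key file holds exactly one non-empty line.
    [ -r "$pub" ] || { echo "unreadable: $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line: $pub" >&2; return 1; }
    line=$(grep . "$pub" | tr -d '\r')      # drop CRs left by mail clients

    # The line must begin with a key type. This rejects anything that is not
    # a bare public key, including lines with prepended options (command="...").
    ktype=${line%% *}
    blob=${line#* }; blob=${blob%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) echo "rejected, no key type at start of line: $pub" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected, bad key data: $pub" >&2; return 1 ;;
    esac

    # sshd (StrictModes) refuses key files that others can write to;
    # 700/600 also keeps the key list private.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Skip a key that is already installed, then append with restrictions.
    grep -qF -e " $blob" "$auth" && return 0
    printf '%s %s\n' "$RESTRICT" "$line" >> "$auth"
}
```

Calling it once per received file replaces the plain cat >> lines; a rejected file leaves authorized_keys untouched.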