Git on the Server – Setting Up the Server

 Setting Up the Server

Let’s walk through setting up SSH access on the server side. In this example, you’ll use theauthorized_keys method for authenticating your users. We also assume you’re running a standard Linux distribution like Ubuntu. First, you create a ‘git’ user and a .ssh directory for that user.
$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh
Next, you need to add some developer SSH public keys to the authorized_keys file for that user. Let’s assume you’ve received a few keys by e-mail and saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L
dAv8JggJICUvax2T9va5 gsg-keypair
You just append them to your authorized_keys file:
$ cat /tmp/ >> ~/.ssh/authorized_keys
$ cat /tmp/ >> ~/.ssh/authorized_keys
$ cat /tmp/ >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:
$ cd /opt/git
$ mkdir project.git
$ cd project.git
$ git --bare init
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let’s use gitserver as the hostname of the server on which you’ve set up your ‘git’ user and repository. If you’re running it internally, and you set up DNS forgitserver to point to that server, then you can use the commands pretty much as is:
# on Johns computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'initial commit'
$ git remote add origin [email protected]:/opt/git/project.git
$ git push origin master
At this point, the others can clone it down and push changes back up just as easily:
$ git clone [email protected]:/opt/git/project.git
$ cd project
$ vim README
$ git commit -am 'fix for the README file'
$ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
As an extra precaution, you can easily restrict the ‘git’ user to only doing Git activities with a limited shell tool called git-shell that comes with Git. If you set this as your ‘git’ user’s login shell, then the ‘git’ user can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user’s login shell. To do so, you’ll likely have to edit your /etc/passwd file:
$ sudo vim /etc/passwd
At the bottom, you should find a line that looks something like this:
Change /bin/sh to /usr/bin/git-shell (or run which git-shell to see where it’s installed). The line should look something like this:
Now, the ‘git’ user can only use the SSH connection to push and pull Git repositories and can’t shell onto the machine. If you try, you’ll see a login rejection like this:
$ ssh [email protected]
fatal: What do you think I am? A shell?
Connection to gitserver closed.

Leave a Comment

Your email address will not be published. Required fields are marked *