There are lots of instructions for getting setup with git around on the web, however all of them seem very verbose and since this is the third time I’ve set up a git server I decided to write down a short version.
Setting up the Server
The machine I plan to use as the server has a 2TB RAID 1 hard disk configuration–I’d recommend at least RAID 1 for storing your valuable work.
I installed Ubuntu as the operating system.
After the OS is installed, I installed OpenSSH via the apt-get command at a Terminal window like so:
sudo apt-get install openssh-client openssh-server
And, the suggested extras:
sudo apt-get install rssh molly-guard openssh-blacklist openssh-blacklist-extra
First, make a copy of the original settings just in case:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
For security, I disable the root login via SSH for my git server by editing the config file:
sudo nano /etc/ssh/sshd_config
And then by updating the following setting to “no”:
Of course, since I also will be logging into SSH via different computers I will uncomment the following line:
I hit CTRL+O, then ENTER to save the file, then CTRL+X to exit nano.
Setting up the gitolite User
I’m going to be using a single account for handling the git repository through gitolite.
To do this, the first step is to create the group for the user:
sudo groupadd gitolite
Then we create the user (obviously type a real password when you do it, and type an appropriate home path):
sudo useradd -ggitolite -d/home/gitolite -m -pPASSWORD gitolite
I’m going to switch over to the gitolite user for the next set of configurations:
sudo su gitolite
First I will generate an SSH key:
ssh-keygen -f ~/.ssh/id_rsa -N ""
I will copy the public portion of the SSH key into my authorized_keys file:
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
Granting users access to repositories
I don’t plan on using the gitolite user to actually do my work (and expect to work from various machines). In order to have access to the repositories the gitolite user will store, we must update the authorized_keys file with an SSH key for the “work user”.
The first step is to log in as that work user, and generate an SSH key just as we did with the gitolite user (see above).
Once I’ve done that, I need to copy the public key and name it as the username I would like to use for the gitolite administrator:
cp ~/.ssh/id_rsa.pub /tmp/YOUR_ADMIN_NAME.pub
While logged on as the gitolite user (gitolite in my case), I will clone the gitolite repository and install:
cd ~ git clone git://github.com/sitaramc/gitolite gitolite/src/gl-system-install gl-setup -q /tmp/YOUR_ADMIN_NAME.pub
At this point switch back to the work user (or the user who’s name you used the .pub file in /tmp/
To make sure everything is setup correctly, we will clone the testing.git repository that was created during install:
cd ~ mkdir src cd src git clone gitolite:testing.git
This will create a new directory called “testing”. Let’s create a testing file to make sure we are able to commit:
cd testing touch tmp git add tmp git commit -a -m "adding test file" git push origin master
Success at this point indicates everything is setup and ready to use…locally at least 🙂
Configuring the Firewall
Until now I can clone my git repositories on my computer through the user account where I do my work.
Now I need to configure the server so that I can clone the repositories from another computer and use them from there.
Enable the firewall:
sudo ufw enable
Enable ssh access from my private LAN (obviously substitute port and IP mask as appropriate for your network):
sudo ufw allow from 10.10.10.0/24 to any port 22
The next step is to make sure these changes have worked. To do this, you must go to another computer and open up a terminal there.
We will generate an SSH key same as we’ve been doing all along on this different computer, and we will need to copy it into the authorized_keys for gitolite:
sudo gedit /home/gitolite/.ssh/authotized_keys
I paste the SSH public key on a new line and add an authentication command on the same line right in front of the SSH key portion (obviously using the proper user name instead of WORK_USER_NAME):
command="/home/gitolite/.gitolite/src/gl-auth-command WORK_USER_NAME",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty (pub key starting with "ssh-rsa" is here)
Save and close the file.
Test for ssh access:
ssh gitolite@SERVER pwd
If you get the home directory for the gitolite user returned, the firewall settings are correct and your second computer is now able to access the repositories.
(NOTE: you might need to use the IP address of your server at this point if hostname resolution fails).