Team-Level Git Server Setup
Reprinted from: http://blog.prosight.me/index.php/2009/11/485
If there are only a few Git users, you can use the following steps to quickly deploy a Git server environment.
1. Generate an SSH public key
Every engineer who needs to use the Git server must generate an SSH public key.
Go to your ~/.ssh directory and check whether it contains a pair of files named something and something.pub, where the name is usually id_dsa or id_rsa. The .pub file is the public key, and the other file is the private key. If you do not have these files (or do not even have a .ssh directory), you can create them with the ssh-keygen program, which is provided by the SSH package on Linux/Mac systems and is included in the msysGit package on Windows:
-
- $ ssh-keygen
- Generating public/private rsa key pair.
- Enter file in which to save the key (/Users/schacon/.ssh/id_rsa):
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /Users/schacon/.ssh/id_rsa.
- Your public key has been saved in /Users/schacon/.ssh/id_rsa.pub.
- The key fingerprint is:
- 43:c5:5b:5f:b1:f1:50:43:ad:20:a6:92:6a:1f:9a:3a schacon@agadorlaptop.local
-
It first asks you to confirm where to save the key (.ssh/id_rsa), and then asks you to enter a passphrase twice. If you do not want to type a passphrase every time you use the key, leave it blank; the private key is then stored unencrypted on disk.
Now, every user who has done this must send their public key to you or to whoever administers the Git server (assuming the SSH service is set up to use public key authentication). All they need to do is copy the contents of the .pub file and e-mail it. The public key looks roughly like this:
-
- $ cat ~/.ssh/id_rsa.pub
- ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqeakloupkdhrfhy17sbrmtipnltgk9tjom/bwdsu
- GPL + Signature
- Pbv7kodj/mtyblwxfcr + hao3fxritbqxix1nkhxphazsmcilq8v61_snqwdsdmfvslvk/7xa
- T3faojoasncm1q9x5 + 3v0ww68/eifmb1zuufljqjkprrx88xypndvjynby6vw/pb0rwert/EN
- MZ + aw4ozpntpi89zpmvmluayrd2ce86z/il8b + gw3r3 + 1nkatmikjn2so1d01qratlmqvssbx
- Nrrfi9wrf + m7q = schacon@agadorlaptop.local
-
2. Set up the server
First, create a 'git' user and a .ssh directory in that user's home directory:
-
- $ sudo adduser git
- $ su git
- $ cd
- $ mkdir .ssh
-
Next, add the developers' SSH public keys to that user's authorized_keys file. Assume that you have received several public keys by e-mail and saved them to temporary files. Append each one to the authorized_keys file:
-
- $ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
- $ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
- $ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
-
Now you can run git init with the --bare option to set up an empty repository, which initializes a repository without a working directory.
-
- $ cd /opt/git
- $ mkdir project.git
- $ cd project.git
- $ git --bare init
-
At this point, developers can add it as a remote repository, push a branch, and upload the first version of the project to the repository. Note that every time you add a new project, someone has to log on to the host with a shell and create a bare repository. Let's use gitserver as the hostname of the server that holds the git user and the repository. If you run the host inside your network and set up DNS so that gitserver points to it, the following commands can be used as they are:
-
- # On an engineer's computer
- $ cd myproject
- $ git init
- $ git add .
- $ git commit -m 'initial commit'
- $ git remote add origin git@gitserver:/opt/git/project.git
- $ git push origin master
-
After this, cloning and pushing become very simple for everyone else:
-
- $ git clone git@gitserver:/opt/git/project.git
- $ vim README
- $ git commit -am 'fix for the README file'
- $ git push origin master
-
Using this method, you can quickly set up a read/write Git service for a few developers.
As an additional precaution, you can use the git-shell tool that ships with Git to restrict the git user to Git-related activity. If you set it as the git user's login shell, that user cannot get normal shell access to the host. To do this, specify git-shell instead of bash or csh as the user's login shell. You may have to edit the /etc/passwd file:
-
- $ sudo vim /etc/passwd
-
At the end of the file, you should be able to find a line like this:
-
- git:x:1000:1000::/home/git:/bin/sh
-
Change /bin/sh to /usr/bin/git-shell (or run which git-shell to see where it is installed). The line should then read:
-
- git:x:1000:1000::/home/git:/usr/bin/git-shell
-
Now the git user can only use the SSH connection to push and fetch Git repositories and cannot get a shell on the host. If you try to log in, you will see a rejection like this:
-
- $ ssh git@gitserver
- fatal: What do you think I am? A shell?
- Connection to gitserver closed.
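
git-shell restricts which commands the git account may run, but every key in authorized_keys still carries SSH features such as port forwarding unless they are switched off per key. The script below is an added example, not part of the original article: it vets an e-mailed .pub file before appending it, rejecting files with more than one line or with options placed in front of the key. The names add_git_key and RESTRICT and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. add_git_key and RESTRICT are
# hypothetical names; the keys in demo() are constructed, not real keys.

# sshd(8) per-key options: git-shell limits commands, these limit SSH features.
RESTRICT='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# add_git_key <pubkey-file> <authorized_keys-file>
# Returns 0 = appended, 1 = rejected, 2 = key already present.
add_git_key() {
    pub=$1; auth=$2
    # One file, one key: exactly one non-empty line (mail CRs stripped).
    [ "$(tr -d '\r' < "$pub" | grep -c .)" -eq 1 ] || return 1
    line=$(tr -d '\r' < "$pub" | grep .)
    # The line must START with a key type, so a submitted file cannot put
    # its own options (command=, from=, ...) in front of the key.
    ktype=${line%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    rest=${line#* }; blob=${rest%% *}
    # Format check only: the second field must look like base64.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    # Skip a key whose blob is already a field of some authorized line.
    if [ -f "$auth" ] && awk -v b="$blob" \
        '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 } END { exit !f }' "$auth"
    then return 2; fi
    # Append (>>), never overwrite (>); modes keep sshd's StrictModes happy.
    printf '%s %s\n' "$RESTRICT" "$line" >> "$auth"
    chmod 600 "$auth" && chmod 700 "$(dirname "$auth")"
}

# Demo on constructed input in a scratch directory.
demo() {
    d=$(mktemp -d)
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVk john@example\n' > "$d/john.pub"
    printf 'command="/bin/sh" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 x@example\n' > "$d/bad.pub"
    for f in john bad john; do
        add_git_key "$d/$f.pub" "$d/authorized_keys" && rc=0 || rc=$?
        echo "$f.pub -> $rc"
    done
    cat "$d/authorized_keys"; rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Source the script as the git user and call, for example, add_git_key /tmp/id_rsa.john.pub ~/.ssh/authorized_keys, after comparing the output of ssh-keygen -lf /tmp/id_rsa.john.pub with the fingerprint the key's owner reads back to you over a second channel.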