{"id":3576,"date":"2018-05-29T21:32:28","date_gmt":"2018-05-30T04:32:28","guid":{"rendered":"http:\/\/mattfife.com\/?p=3576"},"modified":"2022-03-24T09:45:41","modified_gmt":"2022-03-24T16:45:41","slug":"setting-up-your-own-git-server-wi","status":"publish","type":"post","link":"https:\/\/mattfife.com\/?p=3576","title":{"rendered":"Setting up your own git server with individual user accounts"},"content":{"rendered":"

This is sort of covered in other spots, but not as clearly and from scratch. Here’s a complete guide that shows how to set up your own git server and git clients. I found this setup handy when trying out some more complex git merging commands and experimenting with remotes while learning git.<\/p>\n

I tested this on Ubuntu 16.04 by creating an Ubuntu virtual machine and then cloning it. 1 VM for the server, and 2 for clients. I used bridged networking so each would get their own IP address, but that’s not required as long as the VM’s can communicate with each other over TCP\/IP.<\/p>\n

There are two ways to set the git accounts up. The first way shown has all client users accessing the repository through the same server user account. While each user’s submissions will be labeled correctly in the git log, having everyone use the same system account isn’t safe computing practices for groups. Instead, if you follow the instructions in the optional part you can use individual user accounts and keep things more safe.<\/p>\n

Client\/Server Setup<\/h3>\n

First, on the server:<\/span><\/p>\n

    \n
  1. Make sure ssh is installed on the server:\n
    server$ sudo apt-get install openssh-server<\/pre>\n<\/li>\n
  2. Make sure sshd is running\/listed when you do a ps. If not, reboot or restart it.\n
    server$ ps -A | grep sshd<\/pre>\n<\/li>\n
  3. Make sure git is installed:\n
    server$ sudo apt-get install git-core<\/pre>\n<\/li>\n
  4. Add a user to the server that will hold the git repositories\n
    server$ sudo adduser git\nserver$ sudo passwd git\nserver$ su - git\nserver$ mkdir -p .ssh<\/pre>\n<\/li>\n<\/ol>\n
    Next, on your client:<\/span><\/p>\n
      \n
    1. Make sure git is installed\n
      client$ sudo apt-get install git-core<\/pre>\n<\/li>\n
    2. Create an ssh key. While not strictly required, it’s a good idea to add a passcode to the key when prompted during key creation.\n
      client$ ssh-keygen -t rsa<\/pre>\n
      This should create a file called id_rsa.pub in your ~\/.ssh directory. See documentation on ssh-keygen for full details.<\/li>\n
    3. Copy the ssh key to the server’s git directory:\n
      client$ scp ~\/.ssh\/id_rsa.pub git@server.com:\/home\/git\/client_id_rsa.pub<\/pre>\n<\/li>\n<\/ol>\n
      Back on server:<\/span><\/p>\n
        \n
      1. Add the client user’s key to the ssh list in the \/home\/git\/.ssh directory\n
        server$ mkdir ~\/.ssh<\/pre>\n<\/li>\n
      2. Append the client user key to the list of authorized keys\n
        server$ cat ~\/client_id_rsa.pub >> ~\/.ssh\/authorized_keys<\/pre>\n<\/li>\n
      3. Create a new group called ‘gituser’ we’ll use for users to access our repository in \/home\/git\/\n
        sudo groupadd gituser\nsudo usermod -a -G gituser git<\/pre>\n<\/li>\n
      4. Log out completely and back in. You MUST do this for group assignment to take effect orsubsequent chgrp\/chmod commands won’t work.<\/li>\n
      5. Make the git repository and tell it to share based on the group the user belongs to.\n
        server$ cd ~git\nserver$ mkdir -p mydepot\nserver$ cd mydepot\nserver$ git init --bare --shared=group\nInitialized empty Git repository in \/home\/git\/mydepot\/<\/pre>\n<\/li>\n
      6. Set the permissions on the repository directory so that anyone in the new ‘gituser’ group can access it.\n
        chgrp -R gituser \/home\/git\/mydepot\nchmod -R g+rw \/home\/git\/mydepot\nchmod g+s `find \/home\/git\/mydepot -type d`<\/pre>\n<\/li>\n<\/ol>\n
        Back on client (if it is a clean client without files for the repo):<\/span><\/p>\n
          \n
        1. Test your ssh connection by trying to ssh into the server (using the git user)<\/li>\n
        2. Create the local project:\n
          client$ mkdir -p depot\/project1\nclient$ cd depot\/project1\nclient$ git config --global user.email \"you@client.com\"\nclient$ git config --global user.name \"clientUsername\"<\/pre>\n<\/li>\n
        3. Clone the remote to your local system\n
          client$ git clone ssh:\/\/git@serverurl_or_ip:\/home\/git\/mydepot\/ .<\/pre>\n<\/li>\n<\/ol>\n
          Enter your username password and you’re done. The clone and the remote should be connected. Push\/Fetch as normal. See the optional part below if you don’t want to use a global git user account on the server.<\/p>\n
          Or – Back on client that HAS existing files you want to get to the server:<\/span><\/p>\n
          Lets say you have a client that already has a bunch of files or even a git repository and you want to start using a remote repository. Here’s how you can add those local files into the remote server repository you just created.<\/p>\n
            \n
          1. Initialize the repository where your client files are\n
            client$ git init\n  Initialized empty Git repository in <blah>\nclient$ git add .\nclient$ git commit\n  <Write something about this being a commit from the client><\/pre>\n<\/li>\n
          2. If you are going to using the git user account for all users, connect the project to your server this way:\n
            client$ git remote add origin ssh:\/\/git@serverurl_or_ip:\/home\/git\/mydepot\/<\/pre>\n
            If you don’t want to use the git account, then you must first create a user account on the server that matches the client userid (making sure to set the group\/user properties on the server account), then use this:<\/p>\n
            client$ git remote add origin ssh:\/\/serverurl_or_ip:\/home\/git\/mydepot\/<\/pre>\n
            Enter the password for your username or the ‘git’ server user depending on which one you used.<\/li>\n
          3. Set up git configuration to avoid warnings and push:\n
            client$ git config --global push.default simple\nclient$ git push --set-upstream origin master<\/pre>\n
            You will be prompted for the passkey you used when you created your RSA key in the above push step. Enter that passkey (not your git\/user account password).<\/li>\n<\/ol>\n
            Optional – Using user accounts instead of a global ‘git’ account on the server.<\/h3>\n
            The previous instructions had everyone use the same ‘git’ server user account when checking in – which means everyone must have the ‘git’ server account password. The log will show the right names, but security-wise this isn’t always best to use one global account on servers.<\/p>\n
            If you have more than one user but want everyone to log in separately, simply create a user account on the server like this:<\/p>\n
            On client for each client user:<\/p>\n
              \n
            1. Create a ssh key on your client as before.<\/li>\n
            2. Copy that key .pub to the server and append it to the authorized_keys file as above.\n
              client$ scp .ssh\/myclient_id_rsa.pub git@serverurl_or_ip:\/home\/git<\/pre>\n<\/li>\n<\/ol>\n
              On server:<\/p>\n
                \n
              1. Append the client’s public key to the authorized keys\n
                server$ cat ~\/myclient_id_rsa.pub >> ~\/.ssh\/authorized_keys<\/pre>\n<\/li>\n
              2. Create a user account that matches the userid on the client\n
                server$ sudo useradd client_username\nserver$ sudo passwd client_username<\/pre>\n<\/li>\n
              3. Make sure the new user account has access to the \/home\/git\/ project directories by setting their group membership:\n
                server$ sudo usermod -a -G gituser client_username<\/pre>\n<\/li>\n<\/ol>\n
                From now on, you don’t need to specify the git user account. Do not put the git@ part into the git clone url and use the username’s password when asked to log in:<\/p>\n
                client$ git clone ssh:\/\/serverurl_or_ip:\/home\/git\/mydepot .\n<\/pre>\n
                This method works great, but does require that you keep the client and server userid account passwords synced.<\/p>\n
                Setting up a Windows client:<\/h3>\n
                Once the server is set up, you’re almost there. Microsoft has written a good guide. You’ll need OpenSSH or Windows 10 installed the generate an ssh key (if you don’t have one already).
                \nhttps:\/\/docs.microsoft.com\/en-us\/vsts\/git\/use-ssh-keys-to-authenticate?view=vsts<\/a><\/p>\n
                Resource links:<\/h3>\n