$ git clone <username>@<servername>:/<directories>/my_project.git
At this point, one option is to set up an account on the server for every user, which is straightforward but can be cumbersome. Another is to use LDAP or some other centralized authentication system, but that is outside the scope of this post.
A second method is to create an account called “git” on the server, ask every user who needs access to send their SSH public key, and add each key to the .ssh/authorized_keys file of the “git” user. I am sure this approach sounds familiar (the GitHub way?). So let’s walk through it:
First of all, each user should send you their public key (the *.pub file in their .ssh directory), or simply create a new key pair using the ssh-keygen command. See this tutorial to learn how to generate both keys: http://github.com/guides/providing-your-ssh-key.
Setting up the Git server with user public keys:
The first step is to create a git user with a .ssh directory.
$ sudo adduser git
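# "su -" starts a login shell in the git user's home directory,
# so .ssh is created there and not in the current directory
$ su - git
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
The next step is to create the authorized_keys file, where all public keys will be stored:
$ cat id_dsa.user1.pub >> ~/.ssh/authorized_keys
$ cat id_dsa.user2.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys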
Now each developer whose public key is listed in authorized_keys, and who holds the matching private key in their own .ssh directory, has access to the repository. Let’s try it: open another terminal (in a real scenario this would be the developer’s machine) and clone the existing repo from the server:
#from developer computer
$ git clone git@<servername>:<directories>/my_project.git
After the repository is cloned to the developer’s computer, modifications can be made and pushed.
And now you may say, “OK, I don’t have to create one account for each developer, but I still have a security problem”: each developer still has shell access. That is true, but you can easily restrict the “git” user to Git activities only with a limited shell called git-shell. The next step is to specify git-shell instead of bash as the login shell of the git user in /etc/passwd.
$ sudo vim /etc/passwd
Now your server is secured: the “git” account allows only Git operations, and only for users who have sent their SSH public key.
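Going one step beyond the cat commands above, as an added example that is not part of the original post: git-shell limits which commands run, but SSH forwarding is still governed by per-key options in authorized_keys, and a file received from a user is untrusted input. The helper names restricted_key_line and add_key and the script name add_key.sh are hypothetical.

```shell
#!/bin/sh
# Added example: build restricted authorized_keys entries for the shared "git" account.
# Options that limit a key to non-interactive Git sessions (no tunnels, no terminal).
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# restricted_key_line PUBKEY_FILE (hypothetical helper)
# Prints one authorized_keys entry, or fails unless the file is a single bare key.
restricted_key_line() {
    pub=$1
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Exactly one non-empty line: extra lines could smuggle in further keys.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected exactly one key" >&2; return 1; }
    line=$(grep . "$pub")
    read -r type blob comment <<EOF
$line
EOF
    # The first field must be a key type; this rejects sender-supplied options.
    case $type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "$pub: first field is not a key type" >&2; return 1 ;;
    esac
    # The key blob must be non-empty base64.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: malformed key data" >&2; return 1 ;;
    esac
    printf '%s %s %s%s\n' "$KEY_OPTS" "$type" "$blob" "${comment:+ $comment}"
}

# add_key PUBKEY_FILE SSH_DIR (hypothetical helper)
# Appends the restricted entry to SSH_DIR/authorized_keys, skipping duplicates.
add_key() {
    entry=$(restricted_key_line "$1") || return 1
    auth=$2/authorized_keys
    # sshd's StrictModes refuses key files that other users could write to.
    mkdir -p "$2" && chmod 700 "$2"
    touch "$auth" && chmod 600 "$auth"
    grep -qxF -- "$entry" "$auth" || printf '%s\n' "$entry" >> "$auth"
}

# Usage as the "git" user: sh add_key.sh id_dsa.user1.pub ~/.ssh
if [ "$#" -eq 2 ]; then add_key "$1" "$2"; fi
```

A file that carries its own options (for example a command="..." prefix) or more than one line is rejected instead of being appended verbatim.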
Your central remote repository is now configured and ready to be used; at this point you may consider installing Git tools like gitweb, gitosis or gitolite, but those are off topic for this post.
I hope you have found this post useful.