How to Setup Git Server on Ubuntu?
Git is a popular version control system that is widely used for software development and other collaborative projects. Setting up a Git server on Ubuntu allows you to host Git repositories on your own server, which can be useful for collaborating with a team or hosting open-source projects that others can contribute to. Here, we will walk through the steps of setting up a Git server on Ubuntu 20.04 LTS. We will install Git, create a new user to manage the repositories, create a repository directory, initialize a new bare repository, and set the correct permissions on the repository so that other users can access it.
Steps to Setup Git Server on Ubuntu
Before we begin, make sure we have a clean installation of Ubuntu 20.04 LTS and that you are logged in as a user with Sudo privileges.
Step 1: Install Git.
The first step is to install Git on your Ubuntu server. To do this, open a terminal and enter the following command:
This will install the latest version of Git on your server. You can check that Git has been installed correctly by running the following command:
This should display the version number of Git that has been installed.
Step 2: Create a Git User.
Next, you need to create a new user account that will be used to manage the Git repositories. This is a best practice as it helps to keep the repositories separate from your main user account. To create a new user, enter the following command:
You will be prompted to enter a password and provide some personal information for the user. Once you have completed these steps, a new user will be created.
Step 3: Create a Repository Directory.
Next, you’ll need to create a new directory on your server where you can store your Git repositories. This is typically done in the /usr/local/ directory. You can create a new directory by running the following command:
Step 4: Change the ownership of the directory to the git user.
Now that you’ve created the directory for the Git repositories, you’ll need to change the ownership of the directory to the git user. This will ensure that the git user has the necessary permissions to read, write, and execute files in the directory. You can change the ownership of the directory by running the following command:
Step 5: Switch to the git user.
To complete the setup of the Git server, you’ll need to switch to the git user account. This can be done by running the following command:
You should now see the command prompt change to the git user’s account.
Step 6: Initialize a new bare repository.
A bare repository is a type of Git repository that does not contain a working tree (i.e. the files that you’re tracking in your repository). Instead, it only contains the Git metadata and history of the repository. This is the type of repository that you’ll use for your Git server. To initialize a new bare repository, run the following command in the /usr/local/git directory:
This command will create a new bare repository named “myproject.git” in the /usr/local/git directory.
Step 7: Configure SSH access for the git user.
In order to clone and push to the repository, you need to configure SSH access for the git user. To configure SSH access, you’ll need to add the git user’s public key to the authorized_keys file in the git user’s .ssh directory. You can generate a new ssh key by running ssh-keygen -t rsa -b 4096 on your local machine, type the command:
In the above image you can see that we have created a ssh_public_key on your local system, this key is saved in /home/git/.ssh/id_rsa.pub. we will use this public key to authorize our server for the login. Now you need to go to the location where this key is present and using the cp command or clipboard simply copy the key and use the key in the next command as follows:
Then copy the contents of the public key file `~/.ssh/id_rsa.pub to the authorized keys file on the server by running the following command:
This will add your public key to the authorized_keys file, allowing you to connect to the server via SSH.
Step 8: Allow the git user to connect to the server via SSH.
Next, you will need to allow the git user to connect to the server via SSH. You can do this by adding the git user to the SSH AllowUsers list in the /etc/ssh/sshd_config file. Open the file by running sudo nano /etc/ssh/sshd_config and add the following line at the end of the file:
Step 9: Restart the SSH service.
After making the changes to the SSH configuration file, you’ll need to restart the SSH service for the changes to take effect. You can restart the SSH service by running the following command:
Step 10: Clone the repository from the server.
Finally, you can clone the repository from the server by running the following command on your local machine:
git clone git@server:/usr/local/git/myproject.git
In the above image, I have used my server IP address instead of the server name you can use it as per your choice. This command will clone the “myproject.git” repository from the server to your local machine. You can now make changes to the files in the repository and push those changes back to the server using the standard Git commands (i.e. git add, git commit, git push).
And that’s it! You have now successfully set up a Git server on your Ubuntu machine. You can now use this server to manage your own code repositories or share code with others. Keep in mind that you should secure your git server by configuring a firewall and other security measures, and you should also back up your git repositories regularly.
Conclusion
In this tutorial, we learned how to set up a Git server on Ubuntu 20.04 LTS. We installed Git, created a new user to manage the repositories, created a repository directory, initialized a new bare repository, and set the correct permissions on the repository so that other users can access it. By following these steps, you can host your own Git repositories on your Ubuntu server and collaborate with others on projects. setting up a Git server on Ubuntu is a relatively straightforward process that allows you to host Git repositories on your own server. By following the steps outlined in this tutorial, you can set up a Git server and start hosting your own repositories.
It’s important to note that This guide is meant as a starting point, and there are many other configurations and options that you can explore to customize your Git server to your specific needs. For example, you may want to consider using Git hooks to automate certain tasks or use Git over SSH for secure communication. Additionally, for a big and more secure environment, it would be recommended to use Git server software like Gitlab, Gogs, and Bitbucket which are more feature rich and provide access control and other features out of the box.
4.4 Git on the Server — Setting Up the Server
Let’s walk through setting up SSH access on the server side. In this example, you’ll use the authorized_keys method for authenticating your users. We also assume you’re running a standard Linux distribution like Ubuntu.
A good deal of what is described here can be automated by using the ssh-copy-id command, rather than manually copying and installing public keys.
First, you create a git user account and a .ssh directory for that user.
$ sudo adduser git $ su git $ cd $ mkdir .ssh && chmod 700 .ssh $ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys
Next, you need to add some developer SSH public keys to the authorized_keys file for the git user. Let’s assume you have some trusted public keys and have saved them to temporary files. Again, the public keys look something like this:
$ cat /tmp/id_rsa.john.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L ojG6rs6hPB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4k Yjh6541NYsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9Ez Sdfd8AcCIicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myiv O7TCUSBdLQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPq dAv8JggJICUvax2T9va5 gsg-keypair
You just append them to the git user’s authorized_keys file in its .ssh directory:
$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys $ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys $ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys
Now, you can set up an empty repository for them by running git init with the —bare option, which initializes the repository without a working directory:
$ cd /srv/git $ mkdir project.git $ cd project.git $ git init --bare Initialized empty Git repository in /srv/git/project.git/
Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let’s use gitserver as the hostname of the server on which you’ve set up your git user and repository. If you’re running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is (assuming that myproject is an existing project with files in it):
# on John's computer $ cd myproject $ git init $ git add . $ git commit -m 'Initial commit' $ git remote add origin git@gitserver:/srv/git/project.git $ git push origin master
At this point, the others can clone it down and push changes back up just as easily:
$ git clone git@gitserver:/srv/git/project.git $ cd project $ vim README $ git commit -am 'Fix for README file' $ git push origin master
With this method, you can quickly get a read/write Git server up and running for a handful of developers.
You should note that currently all these users can also log into the server and get a shell as the git user. If you want to restrict that, you will have to change the shell to something else in the /etc/passwd file.
You can easily restrict the git user account to only Git-related activities with a limited shell tool called git-shell that comes with Git. If you set this as the git user account’s login shell, then that account can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for that account’s login shell. To do so, you must first add the full pathname of the git-shell command to /etc/shells if it’s not already there:
$ cat /etc/shells # see if git-shell is already in there. If not. $ which git-shell # make sure git-shell is installed on your system. $ sudo -e /etc/shells # and add the path to git-shell from last command
Now you can edit the shell for a user using chsh -s :
$ sudo chsh git -s $(which git-shell)
Now, the git user can still use the SSH connection to push and pull Git repositories but can’t shell onto the machine. If you try, you’ll see a login rejection like this:
$ ssh git@gitserver fatal: Interactive git shell is not enabled. hint: ~/git-shell-commands should exist and have read and execute access. Connection to gitserver closed.
At this point, users are still able to use SSH port forwarding to access any host the git server is able to reach. If you want to prevent that, you can edit the authorized_keys file and prepend the following options to each key you’d like to restrict:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
The result should look like this:
$ cat ~/.ssh/authorized_keys no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ ICUvax2T9va5 gsg-keypair no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEwENNMomTboYI+LJieaAY16qiXiH3wuvENhBG.
Now Git network commands will still work just fine but the users won’t be able to get a shell. As the output states, you can also set up a directory in the git user’s home directory that customizes the git-shell command a bit. For instance, you can restrict the Git commands that the server will accept or you can customize the message that users see if they try to SSH in like that. Run git help shell for more information on customizing the shell.