Build a Git server under CentOS

王林
2024-04-15 19:13:01

1. First, you need to install Git. You can install it online from the yum repositories:

[root@localhost Desktop]# yum install -y git

2. Create a git user to run the Git service:

adduser git

3. Initialize the Git repository:

Here we choose /data/git/learngit.git as our git repository

[root@localhost git]# git init --bare learngit.git
Initialized empty Git repository in /data/git/learngit.git/

Executing the above command creates a bare repository. A bare repository has no working tree: because the Git repository on the server exists purely for sharing, users are not allowed to log in to the server and change a working tree directly, and repositories on the server usually have names ending in .git. Then, change the owner to git:

[root@localhost git]# chown -R git:git learngit.git

4. Here, the Git server is almost ready.

Next, we clone the remote repository on the client:

Zhu@XXX /E/testgit/8.34
$ git clone git@192.168.8.34:/data/git/learngit.git
Cloning into 'learngit'...
The authenticity of host '192.168.8.34 (192.168.8.34)' can't be established.
RSA key fingerprint is 2b:55:45:e7:4c:29:cc:05:33:78:03:bd:a8:cd:08:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.34' (RSA) to the list of known hosts.
git@192.168.8.34's password:

Two points to note here. First, when you use Git's clone or push command to connect to GitHub for the first time, you get a warning:

The authenticity of host 'github.com (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is xx.xx.xx.xx.xx.
Are you sure you want to continue connecting (yes/no)?

This is because Git connects over SSH. The first time SSH sees the GitHub server's key, you need to confirm that the key fingerprint really belongs to the GitHub server. Enter yes and press Enter. Git then prints a warning telling you that the GitHub key has been added to a list of trusted hosts on this machine:

Warning: Permanently added 'github.com' (RSA) to the list of known hosts.

This warning appears only once; subsequent operations produce no warning. If you are really worried about someone impersonating the GitHub server, then before entering yes you can check whether the fingerprint of GitHub's RSA key matches the one shown by the SSH connection.

Second, you are prompted to enter a password to clone. If you know the password, you can type it to clone, but the more common way is to use an SSH public key for authentication.
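To make the fingerprint check from the first point concrete, here is an added example (not from the original article) that computes the colon-separated MD5 fingerprint, the format shown in the clone output above, from a host public key file such as the server's /etc/ssh/ssh_host_rsa_key.pub, and compares it with the value the client displayed. The function names are assumptions; `ssh-keygen -l -E md5 -f <file>` prints the same value on OpenSSH releases that support -E.

```sh
# Added example, not from the original article. Run host_key_md5 on the
# server (console or another trusted channel), not over the connection
# that is being verified.

# host_key_md5 <pubkey-file>
# Prints the MD5 fingerprint (aa:bb:...) of the first key in the file.
# A public key line is "<type> <base64-blob> [comment]"; the fingerprint
# is the MD5 digest of the decoded blob.
host_key_md5() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1" |
        base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# fingerprint_matches <pubkey-file> <fingerprint-shown-by-client>
# Returns 0 only if the value in the client's prompt equals the fingerprint
# of the key file. Accepts an optional "MD5:" prefix and upper-case hex.
fingerprint_matches() {
    fm_shown=$(printf '%s' "${2#MD5:}" | tr 'A-F' 'a-f')
    [ "$(host_key_md5 "$1")" = "$fm_shown" ]
}

# On the server:
#   host_key_md5 /etc/ssh/ssh_host_rsa_key.pub
# Answer "yes" on the client only if that output is identical to the
# "RSA key fingerprint is ..." line in the prompt.
```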

5. Create SSH Key

First, check whether there is a .ssh directory in the user's home directory. If so, check whether it contains the two files id_rsa and id_rsa.pub. If they already exist, you can jump directly to the next step.

If not, open a shell (Git Bash under Windows) and create the SSH key:

$ ssh-keygen -t rsa -C "youremail@example.com"

Change the email address to your own, then press Enter at every prompt to accept the default values. Since this key is not used for military purposes, there is no need to set a passphrase. If everything goes well, you will find a .ssh directory in the user's home directory containing two files, id_rsa and id_rsa.pub. These two files are the SSH key pair: id_rsa is the private key and must not be leaked; id_rsa.pub is the public key and can safely be shared with anyone.

6. Turn on RSA authentication on the Git server

Then you can add your public key to the Git server to verify your information.

On the Git server, you first need to turn on RSA authentication in /etc/ssh/sshd_config, that is:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Here we can see that public keys are stored in the .ssh/authorized_keys file. So we create the .ssh directory under /home/git, create the authorized_keys file in it, and import the newly generated public key into that file. When you clone again, or push later, you no longer need to enter the password:

Zhu@XXX /E/testgit/8.34
$ git clone git@192.168.8.34:/data/git/learngit.git
Cloning into 'learngit'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
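
One way to carry out the authorized_keys step described above, as an added example rather than part of the original article: a POSIX shell function that creates .ssh and authorized_keys with the conventional 700/600 modes and prefixes the key with options that disable forwarding and terminal allocation. The function name, the default owner, the restriction options and the path in the usage comment are assumptions added here.

```sh
# Added example, not from the original article. The function name, the
# default account name and the path in the usage line are assumptions.

# authorized_keys options: the key can run git over SSH but cannot forward
# ports, X11 or the agent, and gets no terminal.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# install_git_key <home-dir> <public-key-line> [owner]
# Appends the key once; returns 1 if the input is not a single public key line.
install_git_key() {
    gk_home=$1; gk_key=$2; gk_owner=${3:-git}
    gk_dir="$gk_home/.ssh"; gk_auth="$gk_dir/authorized_keys"

    # Exactly one "type base64 [comment]" line: a private key or a multi-line
    # paste must never end up in authorized_keys.
    if [ "$(printf '%s\n' "$gk_key" | wc -l)" -ne 1 ] ||
       ! printf '%s\n' "$gk_key" | grep -Eq \
         '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "install_git_key: not a single public key line" >&2
        return 1
    fi

    # Conventional modes; sshd's default StrictModes refuses keys kept in
    # group- or world-writable locations.
    mkdir -p "$gk_dir" && chmod 700 "$gk_dir" || return 1
    touch "$gk_auth" && chmod 600 "$gk_auth" || return 1

    # Idempotent: compare the base64 blob, so a changed comment is not a new key.
    gk_blob=$(printf '%s\n' "$gk_key" | awk '{print $2}')
    if ! grep -qF -- "$gk_blob" "$gk_auth"; then
        printf '%s %s\n' "$KEY_OPTS" "$gk_key" >> "$gk_auth"
    fi

    # Files created by root must end up owned by the account that logs in.
    if [ "$(id -u)" -eq 0 ] && id "$gk_owner" >/dev/null 2>&1; then
        chown -R "$gk_owner:$gk_owner" "$gk_dir"
    fi
    return 0
}

# On the server, as root (id_rsa.pub copied over from the client):
#   install_git_key /home/git "$(cat /tmp/id_rsa.pub)"
```

If key login still falls back to the password prompt on a CentOS host with SELinux enforcing, `restorecon -R /home/git/.ssh` resets the directory's labels.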

7. Disable shell login for the git user

For security reasons, the git user created in the second step should not be allowed to log in to a shell. This can be done by editing the /etc/passwd file. Find a line similar to the following:

git:x:1001:1001:,,,:/home/git:/bin/bash

Change the part after the last colon so that the line reads:

git:x:1001:1001:,,,:/home/git:/usr/bin/git-shell

In this way, the git user can use Git normally over SSH but cannot log in to a shell, because the git-shell we specified for the git user exits automatically on every login.

Statement:
This article is reproduced from linuxprobe.com.