Build your own Git server under CentOS

  • 2020-05-17 07:32:47
  • OfStack

First of all, you need to install the CentOS system. For testing, you can install it in a virtual machine, which is more convenient. I assume you already know how to do this, so I won't cover it here.

With CentOS installed, how do you set up a Git server?

1. First install Git. You can install it online from the yum repository:


[root@localhost Desktop]# yum install -y git

2. Create a git user to run the Git service


# adduser git 

3. Initialize the Git repository: here we choose /data/git/learngit.git as our Git repository


[root@localhost git]# git init --bare learngit.git 
Initialized empty Git repository in /data/git/learngit.git/ 

Executing the above command creates a bare repository, which has no working directory. The Git repository on the server exists purely for sharing, so users are not allowed to log in to the server and change a working directory there. By convention, the name of a Git repository on a server ends in .git. Then, change the owner to git:


[root@localhost git]# chown git:git learngit.git 

4. At this point, the Git server is pretty much set up. Next we clone the remote repository on the client side


Zhu@XXX /E/testgit/8.34
$ git clone git@192.168.8.34:/data/git/learngit.git
Cloning into 'learngit'...
The authenticity of host '192.168.8.34 (192.168.8.34)' can't be established.
RSA key fingerprint is 2b:55:45:e7:4c:29:cc:05:33:78:03:bd:a8:cd:08:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.34' (RSA) to the list of known hosts.
git@192.168.8.34's password:

There are two important points to note here. First, the first time you use Git's clone or push command to connect to GitHub, you will get a warning:

The authenticity of host 'github.com (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is xx.xx.xx.xx.xx.
Are you sure you want to continue connecting (yes/no)?

This is because Git uses an SSH connection, and the first time SSH verifies the GitHub server's key, it asks you to confirm that the key fingerprint really comes from GitHub's server. Type yes and press Enter.

Git will output a warning telling you that GitHub's key has been added to the trust list of this machine:

Warning: Permanently added 'github.com' (RSA) to the list of known hosts.

This warning appears only once; later operations will not show it.

If you are really worried about someone impersonating the GitHub server, check whether the fingerprint of GitHub's RSA key matches the one given by SSH before entering yes.

Second, you are prompted to enter a password to clone. Of course, if you know the password, you can enter it to clone, but a more common way is to use an SSH public key.

5. Create an SSH key

First, check whether there is a .ssh directory in the user's home directory. If there is, check whether it contains the files id_rsa and id_rsa.pub. If not, open a shell (on Windows, open Git Bash) and create an SSH key:


$ ssh-keygen -t rsa -C "youremail@example.com" 

You will need to change the email address to your own, then press Enter all the way through to accept the defaults. Since this key is not used for military purposes, there is no need to set a passphrase.

The .ssh directory now contains id_rsa and id_rsa.pub, which form the SSH key pair: id_rsa is the private key, which must not be disclosed, and id_rsa.pub is the public key, which can safely be given to anyone.

6. Enable RSA authentication on the Git server

Then go to the Git server and add your public key so that it can verify your identity. On the Git server, RSA authentication needs to be turned on in /etc/ssh/sshd_config, that is:


RSAAuthentication yes   
PubkeyAuthentication yes   
AuthorizedKeysFile .ssh/authorized_keys

Here we can see that public keys are stored in the .ssh/authorized_keys file. So we create the .ssh directory under /home/git, then create the authorized_keys file in it, and import the generated public key into that file.

After that, when you clone or push again, you don't have to enter a password:
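The step above gives no commands, and sshd (with its default StrictModes setting) ignores authorized_keys when the file or its directory is writable by other users. The following is an added example, not part of the original article: the function name install_git_pubkey, its parameters and the KEY_OPTS prefix (which limits the key to non-interactive use) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install a client's public key for the git account with the
# ownership and modes sshd's StrictModes check expects. Hypothetical helper.
# On the server, as root: install_git_pubkey /home/git /tmp/id_rsa.pub git:git

# authorized_keys options: the key works for git over SSH, nothing else.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# usage: install_git_pubkey <home-of-git-user> <public-key-file> [owner:group]
install_git_pubkey() {
    ssh_home=$1 pubkey_file=$2 owner=${3:-}
    ssh_dir="$ssh_home/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one non-empty line, and only a known public key type,
    # so a private key (id_rsa) pasted by mistake is rejected.
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 2; }
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key_line=$(grep . "$pubkey_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 4 ;;
    esac

    # .ssh must be 700 and authorized_keys 600.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth_file" ) || return 5
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 5

    # Compare on the base64 key body so re-running adds no duplicate entry.
    key_body=$(printf '%s\n' "$key_line" | awk '{print $2}')
    if ! grep -qF -- "$key_body" "$auth_file"; then
        printf '%s %s\n' "$KEY_OPTS" "$key_line" >> "$auth_file"
    fi

    # The files must belong to the account that logs in (git), not to root.
    if [ -n "$owner" ]; then chown -R "$owner" "$ssh_dir" || return 6; fi
    return 0
}
```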


Zhu@XXX/E/testgit/8.34
$ git clone git@192.168.8.34:/data/git/learngit.git
Cloning into 'learngit'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.

7. Disable shell login for the git user

For security reasons, the git user created in step 2 should not be allowed to log in to a shell. This can be done by editing the /etc/passwd file. Find a line similar to the following:


git:x:1001:1001:,,,:/home/git:/bin/bash 

Change the field after the last colon so that the line reads:


git:x:1001:1001:,,,:/home/git:/usr/bin/git-shell 

This way, the git user can use Git over SSH normally but cannot log in to a shell, because git-shell, which we set as the git user's login shell, exits automatically on every login.

