=” Foreword “==
Environment: Server CentOS6.6 + git (version 1.7.1) Client Windows10 + git (version 2.8.4.windows.1)
① Install Git
Linux is used as the server system, Windows is used as the client system, and Git is installed separately
Server side:
#yum install -y git
After installation, check the Git version
[root@localhost ~]# git --version git version 1.7.1
Client:
Download Git for Windows, address: https://git-for-windows.github.io/
Once installed, you can use Git Bash as a command-line client.
After installation, check the Git version
$ git --version git version 2.8.4.windows.1
② Create a git user on the server side to manage Git services and set a password for the git user
[root@localhost home]# id git id: git: no such user [root@localhost home]# useradd git [root@localhost home]# passwd git
③ Create a Git warehouse on the server side
Set /home/data/git/gittest.git as Git repository
Then change the owner of the Git repository to git
[root@localhost home]# mkdir -p data/git/gittest.git [root@localhost home]# git init --bare data/git/gittest.git Initialized empty Git repository in /home/data/git/gittest.git/ [root@localhost home]# cd data/git/ [root@localhost git]# chown -R git:git gittest.git/
④ Client clone remote warehouse
Enter the Git Bash command line client, create a project address (set in d:/wamp64/www/gittest_gitbash) and enter:
dee@Lenovo-PC MINGW64 /d $ cd wamp64/www dee@Lenovo-PC MINGW64 /d/wamp64/www $ mkdir gittest_gitbash dee@Lenovo-PC MINGW64 /d/wamp64/www $ cd gittest_gitbash dee@Lenovo-PC MINGW64 /d/wamp64/www/gittest_gitbash $
Then clone the project from the Linux Git server:
$ git clone [email protected]:/home/data/gittest.git
If SSH is not using the default port 22, you need to use the following command (assuming the SSH port number is 7700):
$ git clone ssh://[email protected]:7700/home/data/gittest.git
When connecting to the target Git server for the first time you will get a prompt:
The authenticity of host '192.168.56.101 (192.168.56.101)' can't be established. RSA key fingerprint is SHA256:Ve6WV/SCA059EqoUOzbFoZdfmMh3B259nigfmvdadqQ. Are you sure you want to continue connecting (yes/no)?
Choose yes:
Warning: Permanently added '192.168.56.101' (RSA) to the list of known hosts.
At this time, there will be an additional file known_hosts under C:\Users\username.ssh, and the above statement will not be prompted again when connecting to the target Git server on this computer in the future.
You will be prompted to enter a password later, and you can use the SSH public key for verification.
⑤ Client creates SSH public key and private key
$ ssh-keygen -t rsa -C "[email protected]"
At this time, there will be two more files id_rsa and id_rsa.pub under C:\Users\username.ssh
id_rsa is the private key
id_rsa.pub is the public key
⑥ Server-side Git opens RSA authentication
Enter the /etc/ssh directory, edit sshd_config, and open the comments of the following three configurations:
RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile.ssh/authorized_keys
Save and restart the sshd service:
[root@localhost ssh]# /etc/rc.d/init.d/sshd restart
From the AuthorizedKeysFile, we know that the storage path of the public key is .ssh/authorized_keys, which is actually $Home/.ssh/authorized_keys. Since the user who manages the Git service is git, the actual storage path of the public key is /home/git/.ssh /authorized_keys
Create directory .ssh under /home/git/
[root@localhost git]# pwd /home/git [root@localhost git]# mkdir .ssh [root@localhost git]# ls -a . .. .bash_logout .bash_profile .bashrc .gnome2 .mozilla .ssh
Then change the owner of the .ssh folder to git
[root@localhost git]# chown -R git:git .ssh [root@localhost git]# ll -a Total usage 32 drwx------. 5 git git 4096 Aug 28 20:04 . drwxr-xr-x. 8 root root 4096 Aug 28 19:32 .. -rw-r--r--. 1 git git 18 Oct 16 2014 .bash_logout -rw-r--r--. 1 git git 176 Oct 16 2014 .bash_profile -rw-r--r--. 1 git git 124 Oct 16 2014 .bashrc drwxr-xr-x.2 git git 4096 Nov 12 2010 .gnome2 drwxr-xr-x.4 git git 4096 May 8 12:22 .mozilla drwxr-xr-x.2 git git 4096 Aug 28 20:08 .ssh
⑦ Import the client public key into the server /home/git/.ssh/authorized_keys file
Back under Git Bash, import the file:
$ ssh [email protected] 'cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub
Need to enter the password of the server-side git user
Go back to the server and check whether the authorized_keys file exists under .ssh:
[root@localhost git]# cd .ssh [[email protected]]# ll Total usage 4 -rw-rw-r--. 1 git git 398 Aug 28 20:08 authorized_keys
You can check whether it is the public key generated by the client.
Important:
Modify the permissions of the .ssh directory to 700
Modify the permissions of the .ssh/authorized_keys file to 600
[root@localhost git]# chmod 700 .ssh [root@localhost git]# cd .ssh [root@localhost .ssh]# chmod 600 authorized_keys
⑧ The client clones the remote warehouse again
$ git clone [email protected]:/home/data/git/gittest.git
View the client project directory:
The project has been cloned.
You can also use the tortoiseGit client to manage projects:
clone
⑨ Prohibit git user ssh login server
The git user previously created on the server does not allow ssh to log in to the server
edit /etc/passwd
turn up:
git:x:502:504::/home/git:/bin/bash
change into
git:x:502:504::/home/git:/bin/git-shell
At this time, the git user can use git normally through ssh, but cannot log in to the system through ssh.
Reference: Build your own Git server under CentOS