4.3 Git
Generate SSH keys
You can use Git by entering a password on every push and pull, but using SSH keys is both easier and more secure. If you don't have an SSH key pair yet, you can generate one as follows:
ssh-keygen -t rsa -C "your_email@example.com"
(Note that there's more info on GitHub, including how to generate keys on Windows and Mac.)
Set up a Git server
Set up a user account for git (you only need to do this once):
sudo adduser git
Run all the following commands as this new git user:
sudo -s -u git
Now, configure the SSH keys:
cd ~/
mkdir .ssh
cat /my/public/key.pub >> ~/.ssh/authorized_keys
mkdir repos
Set up a new repository
For each new repo, run the following on the server as the git user:
cd ~/repos
mkdir projectname.git
cd projectname.git
git init --bare
Now you can commit files from another computer:
mkdir projectname
cd projectname
git init
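git remote add origin ssh://git@<ipaddress>:<port>/home/git/repos/projectname.git
git add .
git commit -m "initial commit"
git push origin master
Note: the remote URL uses the ssh:// prefix so that the push goes over SSH and uses your keys, and this prefix is required when SSH listens on a different port. The git:// prefix selects Git's own unauthenticated daemon protocol, which does not use SSH keys. If SSH is on the default port 22, you can leave out :<port>.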
If you're going to access the repo from both inside and outside the LAN, e.g. from home and from work on the same laptop, you probably want to add two remotes, e.g. originwan and originlan: the first with your external IP and the second with the local IP of your Pi.
Added security
Quoting this:
As an extra precaution, you can easily restrict the 'git' user to only doing Git activities with a limited shell tool called `git-shell` that comes with Git. If you set this as your 'git' user’s login shell, then the 'git' user can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user’s login shell.
To do so, edit /etc/passwd, find the line with 'git' in it and change /bin/sh or /bin/bash to /usr/bin/git-shell. (Use which git-shell to check if you got that path right.) Now the git user can no longer open an interactive SSH session on the RPi (pushing and pulling over SSH still work), but you can still run sudo -s -u git from another user's shell session to, e.g., add another repo.
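An added example (not from the original page or the text quoted above): a POSIX shell function that audits the git account set up in the previous sections. The name audit_git_account, its arguments and the FINDING output format are assumptions made for illustration, and it relies on GNU stat. Besides the login shell and file permissions, it checks that every key in authorized_keys carries forwarding restrictions, because git-shell alone does not disable SSH port forwarding.

```shell
#!/bin/sh
# Added example: audit the 'git' account described on this page.
# Usage: audit_git_account <passwd-file> <git-home>
# Prints one "FINDING: ..." line per problem; returns 0 only when clean.
audit_git_account() {
    passwd_file=$1 home=$2 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. The login shell (7th passwd field) should be git-shell.
    shell=$(awk -F: '$1 == "git" { print $7 }' "$passwd_file")
    case $shell in
        */git-shell) ;;
        *) note "login shell is '${shell:-unset}', expected git-shell" ;;
    esac

    # 2. sshd (StrictModes) ignores keys kept in group/world-writable
    #    locations; 700/600 also hides them from other local users.
    [ "$(stat -c %a "$home/.ssh" 2>/dev/null)" = 700 ] ||
        note "$home/.ssh should be mode 700"
    keys=$home/.ssh/authorized_keys
    [ "$(stat -c %a "$keys" 2>/dev/null)" = 600 ] ||
        note "$keys should be mode 600"

    # 3. git-shell blocks interactive logins but not SSH forwarding, so
    #    each key line should start with 'restrict' (OpenSSH 7.2+) or
    #    list 'no-port-forwarding' among its options.
    if [ -r "$keys" ]; then
        while IFS= read -r line; do
            case $line in
                ''|'#'*) continue ;;
                restrict*|*no-port-forwarding*) ;;
                *) note "key '${line##* }' has no forwarding restrictions" ;;
            esac
        done < "$keys"
    fi

    [ "$findings" -eq 0 ]
}
```

On the server, run it with sudo as: audit_git_account /etc/passwd /home/git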
Configuring SSH keys on a Linux client
To get your SSH keys working on a Linux client, first copy them to the .ssh folder in your home directory and make them readable to only you. If the private key is in PuTTY's .ppk format, convert it to OpenSSH format with puttygen first; OpenSSH cannot read .ppk files.
cp /my/public/key.pub ~/.ssh/id_rsa.pub
cp /my/public/key.ppk ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/id_rsa
Then, create and edit ~/.ssh/config:
Host {ip address of your pi}
    User git
    Hostname {ip address of your pi}
    PreferredAuthentications publickey
    IdentityFile "~/.ssh/id_rsa"
You should now be able to push and pull to and from your pi without using a password.