4.3 Git

Generate SSH keys

You can use Git by entering a password on every push and pull, but using SSH keys is both easier and more secure. If you don't have a SSH key pair yet, you can generate them as follows:

ssh-keygen -t rsa -C "[email protected]"

(Note that there's more info on GitHub, including how to generate keys on Windows and Mac.)

Set up a Git server

Once, setup a user account for git:

sudo adduser git
mkdir /home/git/repos/

Run all the following commands as this new git user:

sudo -s -u git

Now, configure the SSH keys:

cd ~/
mkdir .ssh
cat /my/public/key.pub >> ~/.ssh/authorized_keys
mkdir repos

Set up a new repository:

For each new repo, :

cd ~/repos
mkdir projectname.git
cd projectname.git
git init --bare    

Now you can commit files from another computer:

mkdir projectname
cd projectname
git init
git remote add origin git://[email protected]<ipaddress:port>/home/git/repos/projectname.git
git add .
git commit -m "initial commit"
git push origin master

Note: when using a different port for SSH, you have to use the ssh:// prefix instead of the git:// prefix.

If you're going to access the repo from inside and outside the LAN, e.g. from home and from work on the same laptop, you probably want to add two origins, e.g. originwan and originlan; the first with your outside ip and the other with the local ip of your pi.

Added security

Quoting this:

    As an extra precaution, you can easily restrict the 'git' user to only doing Git activities with a limited shell tool called `git-shell` that comes with Git. If you set this as your 'git' user’s login shell, then the 'git' user can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for your user’s login shell.

To do so, edit /etc/passwd, find the line with 'git' in it and change /bin/sh or /bin/bash to /usr/bin/git-shell. (Use which git-shell to check if you got that path right.) Now user git can no longer SSH into the RPi, but you can still sudo -s -u git from another users shell session to, e.g. add another repo.

Configuring SSH keys on a Linux client

To get your SSH keys working on a Linux client, first copy them to the .ssh folder in your home directory and make them readable to only you:

cp /my/public/key.pub ~/.ssh/id_key.pub
cp /my/public/key.ppk ~/.ssh/id_key
chmod 700 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh/id_rsa

Then, create and edit ~/.ssh/config:

Host {ip address of your pi}
    User git
    Hostname {ip address of your pi}
    PreferredAuthentications publickey
    IdentityFile "~/.ssh/id_rsa"

You should now be able to push and pull to and from your pi without using a password.

results matching ""

    No results matching ""