UPDATE: Other possibility to all these steps it would be a public Git encrypted repository on an open platform, just if you don’t want to invest time on this option. As a comment if you have a Keybase.io account they have implemented this option for you using GitHub as Git platform.
Some times I have needed to share some private projects between different machines and I found quite useful to have an internal git server installed to be accessible from everywhere, once I solved, in a more or less secured way the access to my platform check this link if you’re interested in to know additional details about this process, I only need to install a minimal Git server.
The first choice I had to make was if I’m going to host the git server on my server or I could use other hardware, so I realized that my pfsense router could be the perfect place. Anyway it’s needed to check out how much free space we have:
# df -h Filesystem Size Used Avail Capacity Mounted on /dev/ufsid/569025cc62366d87 21G 872M 19G 4% /
Now it’s time to install the git server package on our pfSense:
# pkg install git Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 5 package(s) will be affected (of 0 checked): New packages to be INSTALLED: git: 2.14.1 [pfSense] p5-Authen-SASL: 2.16_1 [pfSense] p5-GSSAPI: 0.28_1 [pfSense] p5-Digest-HMAC: 1.03_1 [pfSense] p5-Error: 0.17025 [pfSense] Number of packages to be installed: 5 ... ===> Creating groups. Creating group 'git_daemon' with gid '964'. ===> Creating users Creating user 'git_daemon' with uid '964'. Extracting git-2.14.1: 100% Message from git-2.14.1: ------------------------------------------------------------------------ *************************** GITWEB ************************************* If you installed the GITWEB option please follow these instructions: ... *************************** GITWEB ************************************* *************************** CONTRIB ************************************ If you installed the CONTRIB option please note that the scripts are installed in /usr/local/share/git-core/contrib. Some of them require other ports to be installed (perl, python, etc), which you may need to install manually. *************************** CONTRIB ************************************ ------------------------------------------------------------------------
I’m not going to use a web interface so I’m not going into any detail about how to install gitweb package. Let’s create the service user:
# adduser Username: git Full name: git Uid (Leave empty for default): Login group [git]: Login group is git. Invite git into other groups? []: Login class [default]: Shell (sh csh tcsh ssh_tunnel_shell scponly scponlyc git-shell nologin) [sh]: Home directory [/home/git]: Home directory permissions (Leave empty for default): Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: ç Lock out the account after creation? [no]: Username : git Password : ***** Full Name : git Uid : 1005 Class : Groups : git Home : /home/git Home Mode : Shell : /bin/sh Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (git) to the user database. Add another user? (yes/no): no Goodbye!
With this user created we can enable SSH access to users who are going to use this service, so we just need put their public SSH keys into authorized_keys file in git user account. This can be done with ssh-copy-id command or just copying public keys manually.
For a proper installation is needed to setup the right permissions:
$ mkdir .ssh && chmod 700 /home/git/.ssh/ $ cd .ssh && ls -ld . drwx------ 2 git git 512 Feb 8 14:28 . $ touch authorized_keys && chmod 600 authorized_keys
Let’s create a directory structure to store our ultra-secret projects, this part is very personal so I’m going a be a little generic here (logged as git user, by the way):
$ mkdir -p WHEREVER_YOU_WANT_PATH/secret.git && cd WHEREVER_YOU_WANT_PATH/secret.git $ git init --bare Initialized empty Git repository in WHEREVER_YOU_WANT_PATH/secret.git/ $ ls -l total 32 -rw-r--r-- 1 git git 23 Feb 10 10:17 HEAD drwxr-xr-x 2 git git 512 Feb 10 10:17 branches -rw-r--r-- 1 git git 66 Feb 10 10:17 config -rw-r--r-- 1 git git 73 Feb 10 10:17 description drwxr-xr-x 2 git git 512 Feb 10 10:17 hooks drwxr-xr-x 2 git git 512 Feb 10 10:17 info drwxr-xr-x 4 git git 512 Feb 10 10:17 objects drwxr-xr-x 4 git git 512 Feb 10 10:17 refs
Client side configuration
Now it’s time of the funny part because we are going to config the client side:
client_host:$ vim ~/.ssh/config # PRIVATE HOME GIT SERVER SETTINGS Host gitserver Hostname YOUR_PUBLIC / YOUR_DNS_NAME User git Port CUSTOM_PORT (WHERE YOUR SSH SERVER IS LISTENING) client_host:$ mkdir my_secret_project && cd my_secret_project client_host:$ git init Initialized empty Git repository in WHEREVER/my_secret_project/.git/ client_host:$ git add . client_host:$ git commit -m 'initial commit' On branch master Initial commit nothing to commit client_host:$ git remote add origin gitserver:WHEREVER_YOU_WANT_PATH/secret.git client_host:$ git push origin master Counting objects: 3, done. Writing objects: 100% (3/3), 227 bytes | 227.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) To ssh://gitserver:WHEREVER_YOU_WANT_PATH/secret.git * [new branch] master -> master
Note that I made some tests while I was writing this entry because of that the push command has written 3 objects in my case.
When other user want to clone this repository “just” need to execute:
$ GIT_SSH_COMMAND='ssh -p CUSTOM_SSH_PORT' git clone ssh://git@YOUR_IP:WHEREVER_YOU_WANT_PATH/secret.git Cloning into 'secret'... remote: Counting objects: 3, done. remote: Total 3 (delta 0), reused 0 (delta 0) Receiving objects: 100% (3/3), done.
I highly important recommendation is to use git-shell option in our configuration just to get a more secure environment.
# chsh -s /usr/local/bin/git-shell git chsh: user information updated # grep git: /etc/passwd git:*:1005:1005:git:/home/git:/usr/local/bin/git-shell
Installation reference link:
- https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
- https://confluence.atlassian.com/bitbucketserverkb/src-refspec-master-does-not-match-any-error-when-pushing-to-repository-788727186.html
Have fun!
—
“Nothing shows a man’s character more than what he laughs at”
— J. W. von Goethe