Setting up a git server repository with Digital Ocean and Ubuntu
4 min read
Links I used
So why this blog post?
Both get you to where you want to go. It was a bit painful though at times because they both don't fill in all the gaps. This post will hopefully help me and others do this much faster in the future. My setup is a Windows 10 local and Ubuntu 20.04 remote.
SSH and Certificates, time to get a little comfy
I'm not a Linux guy (TM) but I'm getting better at it. The thing that's important here is that you don't want to setup a git repository with the root user. I'm doing a bunch of things I could care less about people getting into so I'm sure my security isn't super amazing, but still. Fire up your SSH connection to your instance as root so we can get started. Adding another account is easy but there's multiple ways to do it. As of this publishing date this is the way.
This is going to create a home directory and the user git. Create directory and set permissions From here we want to go to the git user's home directory and add a .ssh folder.
cd /home/git mkdir .ssh && chmod 700 .ssh
So far so good I suppose. Git's official website has us kicking butt so far. But then magically they have a certificate and you don't. :( Let's fix that up. Note: There are many many ways to do this and I have no idea if this is the best way but it worked on my machine and sure seemed easier.
cd .ssh ssh-keygen -C "email@example.com"
The defaults should work here except, give yourself a passphrase. It's just the right thing to do. You should get a successful message with the key's randomart (if you read this as rando mart you aren't alone). Now if you're on a Windows machine you could also generate one on putty with moving your mouse around and then formatting/fixing the key and all that...or just do it the way it works on Linux, your new (old?) buddy.
Transfer the cert to your local machine
Now the issue is we need that cert back on our own machine. Back in windows land we also have home directories for users. Create a c:\temp folder and open up a terminal. I'm using Powershell because it sounds more powerful than command line and some of the commands work both places like "ls".
cd c:\Users\<your username> scp root@<your IP Address goes here>:/home/git/.ssh/id_rsa c:\temp scp root@<your IP Address goes here>:/home/git/.ssh/id_rsa.pub c:\temp
From here this needs to go in your c:\Users\.ssh folder. I renamed the files id_rsa and id_rsa.pub into git_rsa.ppk and git_rsa_pub and then moved them to the .ssh folder. BTW: The folder could be a hidden directory, just a heads up. I don't know why I renamed these files, but this is what files putty generates so I just went with it.
Append the cert
The cert should now exist in two places. If it doesn't then I've failed you, go back and try again :( If we're all on the same page still we need to squirt the cert into a authorized_keys folder.
touch authorized_keys cat id_rsa.pub >> authorized_keys cat authorized_keys chmod 600 authorized_keys
Touch creates the file, cat concatenates the contents of id_rsa.pub into authorized keys, and we can verify something is in the file with cat authorized_keys. If you need more users, just keep on appending their certs to this file.
Let's test this crap
At this moment I'm realizing that I kind of just put up a tutorial on how to implement certificates for logging in. I guess I have the template for another blog post because you should be logging in this way to root as well. Either way, that's exactly what we want to do. Bring up putty or whatever ssh client you have and try to log in using the git user. It should prompt you for your passphrase and you should be dropped into git's home directory. If this is working then yahoo, we're almost done.
If this works you can now remove the id_rsa.pub and id_rsa file you generated on the server earlier (not the local machine!).
rm id_rsa rm id_rsa.pub
Get git going
Now we just need to initialize our git server by creating a directory and initializing it. I'm just creating a directory in my git's home folder. If you do it outside of your git folder you might get security errors when trying to push using a git user. Move the git repo out of the git home directory at your own risk.
cd ~ mkdir your-project.git cd your-project.git git init --bare
This folder should now contain a bunch of folders like HEAD, branches, config, etc. Basically git folders. Now for existing git repo:
git remote set-url origin git@<your ip>:/home/git/your-project.git
Or create a new folder and:
git init git remote add origin git@<your ip>:/home/git/your-project.git
That should be it, you should now be able to push to the repository. Yippee!