Setting up a git server repository with Digital Ocean and Ubuntu

Official Git Website

Official DO website

So why this blog post?

Both get you to where you want to go. It was a bit painful at times, though, because neither fills in all the gaps. This post will hopefully help me and others do this much faster in the future. My setup is a Windows 10 local and Ubuntu 20.04 remote.

SSH and Certificates, time to get a little comfy

I'm not a Linux guy (TM) but I'm getting better at it. The thing that's important here is that you don't want to set up a git repository with the root user. I'm doing a bunch of things I couldn't care less about people getting into, so I'm sure my security isn't super amazing, but still. Fire up your SSH connection to your instance as root so we can get started. Adding another account is easy, but there are multiple ways to do it. As of this publishing date this is the way.

Remote

adduser git
su git

This is going to create the user git and its home directory, then switch to that user so everything created below is owned by git instead of root.

Create directory and set permissions

From here we want to go to the git user's home directory and add a .ssh folder.

Remote

cd /home/git
mkdir .ssh && chmod 700 .ssh

So far so good I suppose. Git's official website has us kicking butt so far. But then magically they have a certificate (strictly speaking an SSH key pair, which is what ssh-keygen generates) and you don't. :( Let's fix that up. Note: There are many, many ways to do this and I have no idea if this is the best way, but it worked on my machine and sure seemed easier.

Generate certificate

Remote

cd .ssh
ssh-keygen -C "putyouremail@here.com"

The defaults should work here, except give yourself a passphrase. It's just the right thing to do. You should get a success message with the key's randomart (if you read this as rando mart you aren't alone). Now if you're on a Windows machine you could also generate one in putty by moving your mouse around and then formatting/fixing the key and all that...or just do it the way it works on Linux, your new (old?) buddy.

Transfer the cert to your local machine

Now the issue is we need that cert back on our own machine. Back in Windows land we also have home directories for users. Create a c:\temp folder and open up a terminal. I'm using PowerShell because it sounds more powerful than command line and some of the commands work both places, like "ls".

Local

cd c:\Users\<your username>
scp root@<your IP Address goes here>:/home/git/.ssh/id_rsa c:\temp
scp root@<your IP Address goes here>:/home/git/.ssh/id_rsa.pub c:\temp

From here this needs to go in your c:\Users\<your username>\.ssh folder. I renamed the files id_rsa and id_rsa.pub into git_rsa.ppk and git_rsa_pub and then moved them to the .ssh folder. BTW: The folder could be a hidden directory, just a heads up. I don't know why I renamed these files, but this is what files putty generates so I just went with it.

Append the cert

The cert should now exist in two places. If it doesn't then I've failed you, go back and try again :( If we're all on the same page still, we need to squirt the public half of the cert (id_rsa.pub) into an authorized_keys file.

Remote

touch authorized_keys
cat id_rsa.pub >> authorized_keys
cat authorized_keys 
chmod 600 authorized_keys

touch creates the file, cat with >> appends the contents of id_rsa.pub to authorized_keys, and we can verify something is in the file with cat authorized_keys. chmod 600 then restricts the file to its owner. If you need more users, just keep on appending their public keys (the .pub half of their certs) to this file.

Let's test this crap

At this moment I'm realizing that I kind of just put up a tutorial on how to implement certificates for logging in. I guess I have the template for another blog post because you should be logging in this way to root as well. Either way, that's exactly what we want to do. Bring up putty or whatever ssh client you have and try to log in using the git user. It should prompt you for your passphrase and you should be dropped into git's home directory. If this is working then yahoo, we're almost done.

If this works you can now remove the id_rsa.pub and id_rsa files you generated on the server earlier (not the local machine!).

Remote

rm /home/git/.ssh/id_rsa
rm /home/git/.ssh/id_rsa.pub
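
To double-check the result of the steps above, here is an added example (not part of the original post) that audits the ownership and modes of the .ssh folder and authorized_keys and flags a key pair left behind on the server. The function name audit_git_ssh and the script name are made up for this example, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit the SSH files created in this walkthrough.
# Assumes GNU stat (stat -c), as shipped with Ubuntu.
# Usage: ./audit.sh /home/git git   (run as root or as git)

audit_git_ssh() {
    local user="$2" ssh_dir="$1/.ssh" problems=0

    # _check PATH MODE: PATH must exist, belong to $user and have exactly MODE.
    _check() {
        local path="$1" want="$2" mode owner
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            return
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%U' "$path")
        if [ "$owner" != "$user" ]; then
            echo "OWNER    $path belongs to $owner, expected $user"
            problems=$((problems + 1))
        fi
        if [ "$mode" != "$want" ]; then
            echo "MODE     $path is $mode, expected $want"
            problems=$((problems + 1))
        fi
    }

    _check "$ssh_dir" 700
    _check "$ssh_dir/authorized_keys" 600

    # The server-side copy of the key pair should be gone after the login test.
    for leftover in id_rsa id_rsa.pub; do
        if [ -e "$ssh_dir/$leftover" ]; then
            echo "LEFTOVER $ssh_dir/$leftover is still on the server"
            problems=$((problems + 1))
        fi
    done

    if [ "$problems" -eq 0 ]; then echo "OK       $ssh_dir"; fi
    return "$problems"
}

# Run the audit when called with a home directory and a user name.
if [ "$#" -eq 2 ]; then audit_git_ssh "$1" "$2"; fi
```

The exit status is the number of findings, so 0 means the folder matches what the walkthrough sets up.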

Get git going

Now we just need to set up our git server by creating a directory and initializing it. I'm just creating a directory in the git user's home folder. If you do it outside of the git user's home folder you might get security errors when trying to push using the git user. Move the git repo out of the git home directory at your own risk.

Remote

cd ~
mkdir your-project.git
cd your-project.git
git init --bare

This folder should now contain a bunch of files and folders like HEAD, branches, config, etc. Basically git internals. Now, for an existing git repo:

Local

git remote set-url origin git@<your ip>:/home/git/your-project.git

Or create a new folder and:

Local

git init
git remote add origin git@<your ip>:/home/git/your-project.git

That should be it, you should now be able to push to the repository. Yippee!