How to Setup a Private Git Server

There are many to get a private repository. One of which is, of course, to get a paid plan with GitHub. With a minimum monthly pay, you will be able to create 5 private repositories. However, even you pay to get private repositories, they are private to people on the Internet but are not literally private to GitHub though. Another way that you can get a private repository is setting up your own Git server.

This post will show you how to set up a Git server with SSH key authentication on CentOS 7. For other Linux distributions, it should be done in a similar manner as well.

Please note that those commands in a block with green background should be performed in your laptop or local computer, while those in blue blocks should be run at your server.

Create the SSH Key Pair

For Mac and Linux users, you can generate a SSH key pair with 'ssh-keygen' command. However, if you are using Windows, you might generate one with PuTTYgen. This part is supposed to be done in your laptop or local computer. If you already have your own SSH key pair, you may skip this part.

By default, it will generate a 2048-bit RSA key pair which is generally considered sufficiently secure for today. But if you need to have it more secure, you can specify the larger number of bits like 4096 with -b option.

$ ssh-keygen -b 4096 -C [email protected]

Generating public/private rsa key pair.  
Enter file in which to save the key (/Users/hellopeera/.ssh/id_rsa):  
Enter passphrase (empty for no passphrase):  
Enter same passphrase again:  
Your identification has been saved in /Users/hellopeera/.ssh/id_rsa.  
Your public key has been saved in /Users/hellopeera/.ssh/id_rsa.pub.  
The key fingerprint is:  
ef:7b:f6:19:63:9d:bc:58:61:62:d0:53:08:c1:4c:23 [email protected]  
The key's randomart image is:  
+--[ RSA 4096]----+
|         E+=o .. |
|          .oo..  |
|           . o   |
|            . .  |
|        S    o o |
|         .  . +.o|
|          .   ++.|
|         .  o.o+.|
|          o+ oo. |
+-----------------+

It is recommended specifying a passphrase to protect your private key against someone else from using it since this private key will be used as if it is a password to access your private git repositories. Your generated private key and public key will be saved in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub respectively. Here what your public key will look like.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+NMapykjDt1kzSQKul8bXikQJ6jSN0sII2vGuKdORnPu9MQPc4lQfIpZyTIg/IIShW09lGg0ZerAjStlfE2ALeUpo3SjTxNoV51c/bOOMWrCJbGy52XxasoLgnwTzLqKwKJRpJtQASQyvSySJVwR/cNtU0vdCMiBJwftV+6Qq7crNUaNVhAq/6RSbYYg9owfQyJKaW99YgHeQ24apl0kIUZlx5Hos11gfFjDKtJ0QtIFYjRw18YaNVPuHkI2LBuEKYTVvn5dNR6lhfMxwEY3kLrSD5dZRUOSzL2jhGpQCJGu8rAP8DluoUBAqFCkU9lj+AJ7mu3sbgfsEXynlHyNx0HmBaWyep2yj+I5qGSeLNFWV8eMclgwlGhiHQg+1aNijhZKnuTsJ569BA+HkFjNJwyy1jXa3VYyKFOsNRB9Km1bPlxLQ5jniWh2L8OardifUZFv4eC4vjl389Dnvq7nD8zWJrQt56UB23ZQ+HUd2GlYafPzhsR1m8ndv5fn7FvCGRAZOqpHyGN5FmPs2hHXCN0Bv19FYycUGDuMCSFi3AVVgDgW7YefmDLHbpsLCDdbeWcm0K8HnG0gi/U8zehlgwLru5fmQt143HYFNvwoWWgvEO6KbpByPptKymP3S6/3Npnri0WkGaTmZIwXhg+qvG2XJbB4uaehyTDsrUAJ5Rw [email protected]

Install Git

This part should be performed at the server with root privileges which can be either root login or sudo.

For CentOS users, we install Git with 'yum'. For other Linux distributions, you may use a different package manger based on your Linux distributions. If you really have no idea about it, Git website also provides this: https://git-scm.com/download/linux

# yum install git

Create a user to handle Git

Create a new user for handling Git repositories.

# useradd git

Disallow login to this user by typing the password. This forces you to login with the SSH private key only.

# passwd -d git && passwd -l git

Allow yourself to access your private Git server

Switch root login to login as 'git' user

# su - git
$ whoami
git

Now you have logged in as 'git'. We need to create an authorized_keys file for git user. This file will contain a list of public keys that are authorized to login to the git user via SSH protocol. In other words, whoever has a private key that match one of these public keys listed in this file will be able to login to this private Git server as git user. Therefore, we need to create the authorized_keys file, if it doesn't exist, and put your 'public' key in this file.

Create the .ssh directory and the authorized_keys file inside as well as change their permission to more secure one.

$ mkdir ~/.ssh && chmod 700 ~/.ssh
$ touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

Open the authorized_keys file with any text editor and add your public key by copying the text inside id_rsa.pub and simply pasting it into the authorized_keys file. Then save the authorized_keys file and exit the text editor.

If you also want to allow other people to access this, you may ask those people to send you their public key. All you have to do is appending their public keys to the authorized_keys file. That's it.

$ vi ~/.ssh/authorized_keys

Now your authorized_keys file will look like this. In this case, the first line of the file is my public key and the second is the other person's public key. So the git user will be accessible to me and the other person as well.

$ cat ~/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+NMapykjDt1kzSQKul8bXikQJ6jSN0sII2vGuKdORnPu9MQPc4lQfIpZyTIg/IIShW09lGg0ZerAjStlfE2ALeUpo3SjTxNoV51c/bOOMWrCJbGy52XxasoLgnwTzLqKwKJRpJtQASQyvSySJVwR/cNtU0vdCMiBJwftV+6Qq7crNUaNVhAq/6RSbYYg9owfQyJKaW99YgHeQ24apl0kIUZlx5Hos11gfFjDKtJ0QtIFYjRw18YaNVPuHkI2LBuEKYTVvn5dNR6lhfMxwEY3kLrSD5dZRUOSzL2jhGpQCJGu8rAP8DluoUBAqFCkU9lj+AJ7mu3sbgfsEXynlHyNx0HmBaWyep2yj+I5qGSeLNFWV8eMclgwlGhiHQg+1aNijhZKnuTsJ569BA+HkFjNJwyy1jXa3VYyKFOsNRB9Km1bPlxLQ5jniWh2L8OardifUZFv4eC4vjl389Dnvq7nD8zWJrQt56UB23ZQ+HUd2GlYafPzhsR1m8ndv5fn7FvCGRAZOqpHyGN5FmPs2hHXCN0Bv19FYycUGDuMCSFi3AVVgDgW7YefmDLHbpsLCDdbeWcm0K8HnG0gi/U8zehlgwLru5fmQt143HYFNvwoWWgvEO6KbpByPptKymP3S6/3Npnri0WkGaTmZIwXhg+qvG2XJbB4uaehyTDsrUAJ5Rw== [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZY0n3YwLujqShul3e2V3CQ8UUvFjtTJq76qngBlgsS2fGZfmnXP3IWZUROUp5JN3hYCuvx6hawrrqSXG5+oJV0xVfASUePCL4Evr0PhngzNUt4JrQls6sFXCgGtQv8FZ8SsL59J9UrL0VczOdi79e0GZc6I+0LryKRcjFJ7CXuZtB4EkKwCl7gVUJ9zNZbMey/ziKdD/tNivfHqMOvS9WwsJoghaXqCYBXBFYM0p6CgT5qBVkLcGRwfWKs9+v0ZFyYRry2By8P9Hzl9MexOg0dH2FK0gMr/9aKIPDFuAhHxElpIFLwq9ioGkCBOMgF+z2NH8Zf84Esbt9+2hY7T1j [email protected]

To test that this really works, you may try to SSH to the server as git user from your local computer. If you saved your private key at the default location (~/.ssh/id_rsa), you don't necessarily specify your private key explicitly in the command line. However, if your private key is stored in a different place, you can specify its location with -i option. Suppose the server's IP address is 192.168.1.10.

$ ssh [email protected]

If you can login to the server as git user with no password asked, you are good to go!

Create a Git repository

So everything has been prepared for this moment. Let's create an empty Git repository in the server and name it 'project1'.

$ cd ~
$ git init --bare project1.git
$ ls -l
drwxr-x--- 7 git git 111 Nov  8 08:31 project1.git

With this command, an empty folder named project1.git will be created and used as a bare Git repository - a repository that doesn't contain working files. It is important to have a bare repository at the server, otherwise it will not be able to accept a push.

$ cd project1.git
$ ls -l
drwxr-x--- 2 git git    6 Nov  8 08:31 branches
-rw-r----- 1 git git   66 Nov  8 08:31 config
-rw-r----- 1 git git   73 Nov  8 08:31 description
-rw-r----- 1 git git   23 Nov  8 08:31 HEAD
drwxr-x--- 2 git git 4096 Nov  8 08:31 hooks
drwxr-x--- 2 git git   20 Nov  8 08:31 info
drwxr-x--- 7 git git   55 Nov  8 08:33 objects
drwxr-x--- 4 git git   29 Nov  8 08:31 refs

At this point, the Git repository has been created successfully. You may use a text editor to edit the repository description in the description file.

Using the Git server from your local computer

If you don't have a local repository in your laptop. You can clone the remote repository into a new local directory.

$ git clone ssh://[email protected]/~/project1.git
Cloning into 'project1'...
warning: You appear to have cloned an empty repository.
Checking connectivity... done.
$ ls -l
drwxr-xr-x  3 hellopeera  staff  102 Nov  8 22:16 project1

A new local repository directory will be created within the current directory since no directory is explicitly given in the command line. If you wish to have it in a different local directory, you can specify it at as the command argument. Note that cloning into an existing directory is only allowed if the directory is empty.

For example, to clone the remote repository into the current directory, as opposed to creating a new directory within the current directory like what we did above, you can specify the current directory in the command line.

$ mkdir project1
$ cd project1
$ git clone ssh://[email protected]/~/project1.git .

However, if you already have an existing local repository which is ready to be pushed to the server, you can set the Git server to be its origin and then push all the files to the server.

$ cd existing_project1
$ git remote add origin ssh://[email protected]/~/project1.git
$ git push --set-upstream origin master

This is it. Now your local and remote repository are working together perfectly.

GUI client

Soon after you added the Git server as the remote origin of your local repository, you can also use GitHub Desktop such as GitHub for Mac to commit and sync your local repository with the private remote one. Get it free from https://desktop.github.com/