Install Git
yum install -y git
git --version
On the server, create a git user to manage the Git service, and set a password for the git user
id git
# id: git: no such user
useradd git
passwd git
Create the Git repository
Set up git/gittest.git as the Git repository,
then change the owner of the Git repository to git
mkdir -p git/gittest.git
git init --bare git/gittest.git
cd git
chown -R git:git gittest.git
Client
Install Git
Clone the remote repository
cd /d
git clone git@ipaddress:/data/git/gittest.git
The first time you connect to the target Git server, you get a prompt:
The authenticity of host '192.168.56.101 (192.168.56.101)' can't be established.
RSA key fingerprint is SHA256:Ve6WV/SCA059EqoUOzbFoZdfmMh3B259nigfmvdadqQ.
Are you sure you want to continue connecting (yes/no)?
Choose yes:
Warning: Permanently added '192.168.56.101' (RSA) to the list of known hosts.
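A known_hosts file now appears under C:\Users\<username>\.ssh.
You are then prompted for a password; SSH public key authentication can be used instead.
Create the SSH public and private keys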
ssh-keygen -t rsa -C "emailAddress"
Result:
$ ssh-keygen -t rsa -C "emailAddress"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/Administrator/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/Administrator/.ssh/id_rsa.
Your public key has been saved in /c/Users/Administrator/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:gIS6eGoFkQ/Uj2V0exwA9YgxP8AzrWumBkF2Wqijc7k emailAddress
The key's randomart image is:
+---[RSA 2048]----+
|..+.+*++.. |
| B.= BB.= . |
|+.B *.== + |
|++ o o .o |
|ooo. . S |
|=.+. + |
| =o.+ |
|..Eo |
|. . |
+----[SHA256]-----+
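C:\Users\<username>\.ssh now contains two more files, id_rsa and id_rsa.pub
id_rsa is the private key
id_rsa.pub is the public key
Back on the server, enable RSA authentication for Git
Go to the /etc/ssh directory, edit sshd_config, and uncomment the following three settings: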
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Save and restart the sshd service:
/etc/rc.d/init.d/sshd restart
or
systemctl restart sshd.service
AuthorizedKeysFile shows that public keys are stored in .ssh/authorized_keys, which is actually $HOME/.ssh/authorized_keys. Because the user that manages the Git service is git, the actual path for the public keys is /home/git/.ssh/authorized_keys
pwd
# /home/git
mkdir .ssh
ls -a
# . .. .bash_logout .bash_profile .bashrc .gnome2 .mozilla .ssh
Then change the owner of the .ssh directory to git
chown -R git:git .ssh
Import the client's public key into the /home/git/.ssh/authorized_keys file on the server
ssh git@ipaddress 'cat >> .ssh/authorized_keys' < ~/.ssh/id_rsa.pub
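Once that succeeds, go back to the server and check that the authorized_keys file exists
Fix the permissions on the server
Set the permissions of the .ssh directory to 700
Set the permissions of the .ssh/authorized_keys file to 600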
chmod 700 .ssh
cd .ssh
chmod 600 authorized_keys
Prevent the git user from logging in to the server over SSH
vim /etc/passwd
Find:
git:x:502:504::/home/git:/bin/bash
Change it to:
git:x:502:504::/home/git:/bin/git-shell
Clone the remote repository again
git clone git@ipaddress:/home/data/git/gittest.git
Configure automatic sync to the project root directory after a client push
Modify the repository configuration
cd PATH/git/gittest.git/hooks
vim post-receive
Write the following content (WWWPATH is your project's root directory)
#!/bin/sh
GIT_WORK_TREE=WWWPATH git checkout -f
After saving, adjust the ownership and permissions of the hook
chown -R git:git post-receive
chmod +x post-receive
Create the project root directory (WWWPATH)
mkdir WWWPATH -p
# Folder permissions for the project root directory
sudo chown -R git:git WWWPATH
Restrict the git user from logging in to the server over SSH
$ cat /etc/shells # see if `git-shell` is already in there. If not...
$ which git-shell # make sure git-shell is installed on your system.
$ sudo vim /etc/shells # and add the path to git-shell from last command
$ sudo chsh git -s $(which git-shell)
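An added example (not part of the original guide): a read-only shell check that the git account ends up in the state the steps above describe, with .ssh at 700, authorized_keys at 600, both owned by the account, and git-shell as the login shell. The function names check_entry and audit_git_account are hypothetical, and GNU stat is assumed, as on the yum-based server used here.

```shell
#!/bin/sh
# Added example: read-only audit of the git account set up in this guide.
# Assumes GNU stat (stat -c), as on the yum-based server used above.

# check_entry PATH MODE UID: PATH must exist with exactly that mode and owner.
check_entry() {
    path=$1 want_mode=$2 want_uid=$3
    if [ ! -e "$path" ]; then
        echo "FAIL: $path is missing"; return 1
    fi
    have_mode=$(stat -c %a "$path")
    have_uid=$(stat -c %u "$path")
    if [ "$have_mode" != "$want_mode" ]; then
        echo "FAIL: $path has mode $have_mode, expected $want_mode"; return 1
    fi
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: $path is owned by uid $have_uid, expected $want_uid"; return 1
    fi
}

# audit_git_account HOME_DIR PASSWD_FILE [USER]
# Returns 0 when every check passes, 1 otherwise; prints one line per finding.
audit_git_account() {
    home_dir=$1 passwd_file=$2 user=${3:-git}
    rc=0
    # Fields 3 and 7 of a passwd entry are the uid and the login shell.
    uid=$(awk -F: -v u="$user" '$1 == u { print $3 }' "$passwd_file")
    login_shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd_file")
    if [ -z "$uid" ]; then
        echo "FAIL: no passwd entry for $user"; return 1
    fi
    # StrictModes (the sshd default) rejects key files that other users can
    # write; 700/600 owned by the account is the stricter target set above.
    check_entry "$home_dir/.ssh" 700 "$uid" || rc=1
    check_entry "$home_dir/.ssh/authorized_keys" 600 "$uid" || rc=1
    # Any other login shell gives key holders an interactive session.
    case $login_shell in
        */git-shell) ;;
        *) echo "FAIL: $user logs in with '$login_shell', expected git-shell"; rc=1 ;;
    esac
    return $rc
}

# Typical use on the server from this guide (run as root):
#   audit_git_account /home/git /etc/passwd git
```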