Building a team-level git server

1. Generation of public key

Every engineer who needs to use the git server must generate a public key for ssh. It can be generated with ssh-keygen:
~/.ssh$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/shizhen/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/shizhen/.ssh/id_rsa.
Your public key has been saved in /home/shizhen/.ssh/id_rsa.pub.
The key fingerprint is:
a8:19:49:f4:e6:e8:4f:8f:3e:47:c9:19:4c:09:ee:7f shizhen@sz-desktop
The key's randomart image is:
First you are asked where to save the key; just press Enter to accept the default. You are then prompted to enter a passphrase twice. If you do not want to type a passphrase each time you use the key, just press Enter. When it finishes, two files, id_rsa (private key) and id_rsa.pub (public key), are generated in the .ssh directory under your home directory.
Send the generated public key, i.e. id_rsa.pub, to the manager of the git repository.

2. Set up the server

(1) Server side
It is best to create a git group, then create a git user and add it to that group.
sudo adduser git
su git
cd ~
mkdir .ssh
Create a .ssh directory in the git user's home directory and add the developers' SSH public keys to the git user's authorized_keys file. Suppose there are two developers, zhangsan and lisi:
cat /tmp/id_rsa_zhangsan.pub >> ~/.ssh/authorized_keys
cat /tmp/id_rsa_lisi.pub >> ~/.ssh/authorized_keys
Create an empty repository
cd work
mkdir project.git
cd project.git
git --bare init
Using --bare initializes a repository without a working directory, so the project source code is not visible in it.
So that developers do not have to enter the IP address every time they clone the code, a host name can be used (the entry goes in /etc/hosts on the machine that runs git). The specific operations are as follows:
sudo vim /etc/hosts
Add the following line to it
192.168.1.100 gitserver
(2) Developer side
If there is no repository yet, you need to create one first. Execute the following commands in the directory where the repository is to be created.
cd my_project
git init
git add . (Add all files to the repository)
git commit -m "initial commit"
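git remote add origin git@gitserver:work/project.git (assumed URL: the git user, the gitserver host name and the work/project.git repository set up above)
git push origin master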
If you already have a local repository and want to push its code to the new server, you can use the following commands directly.
First create a master branch from the branch whose code you want to push:
git checkout -b master xxxxx
git push origin master
With that, a simple server is working, and other developers can work on the code directly from the server.
 
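To protect the git server and keep developers from logging in to it, the following measure can be taken.
sudo vim /etc/passwd
Near the end of the file, find a line like this
git:x:1001:1001:,,,:/home/git:/bin/bash
Change /bin/bash in it to /usr/bin/git-shell
Now developers can only push and fetch code over SSH, and can no longer log in to the server over ssh.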
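
The `cat >> ~/.ssh/authorized_keys` step from section 2 combined with the login restriction above, as an added example that is not part of the original article: a shell function that checks a submitted .pub file and installs it with key options that also switch off port forwarding, which git-shell alone does not do. The function name, its return codes and the two accepted key types are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: install one developer's
# public key for the git user instead of a blind `cat >> authorized_keys`.
# These key options switch off forwarding and terminals for the key; on
# OpenSSH 7.2+ the single option "restrict" can replace the list.
OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# add_dev_key PUBFILE AUTHFILE NAME   (hypothetical helper; NAME is set by the admin)
# Returns 0 = appended, 1 = rejected, 2 = key already installed.
add_dev_key() {
    pub=$1 auth=$2 name=$3
    # A .pub file is one key on one line; wrapped or concatenated files are refused.
    [ "$(grep -c . "$pub" 2>/dev/null)" -eq 1 ] || return 1
    line=$(grep . "$pub")
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    # Field 1 must be a key type: a line that starts with options such as
    # command="..." is rejected rather than copied verbatim. The base64 blob
    # repeats the type name, so its first characters are fixed per type.
    case $type in
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        *) return 1 ;;                  # extend with other types you accept
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) return 1 ;;  # not base64
        "$prefix"*) ;;
        *) return 1 ;;                  # blob does not match the declared type
    esac
    [ "${#blob}" -ge 68 ] || return 1   # shorter than an ed25519 key: truncated
    # The same key is already installed (under any name): nothing to do.
    [ -f "$auth" ] && grep -qF -- "$blob" "$auth" && return 2
    # sshd with StrictModes ignores the file if it or ~/.ssh is writable by others.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    printf '%s %s %s %s\n' "$OPTS" "$type" "$blob" "$name" >> "$auth" || return 1
    chmod 600 "$auth"
}
# Usage as the git user, with the file names used in section 2:
#   add_dev_key /tmp/id_rsa_zhangsan.pub ~/.ssh/authorized_keys zhangsan
```

To revoke a developer later, delete the line that ends with that developer's NAME.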

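3. Problems

With current ssh, using the same method produces an error message

Agent admitted failure to sign using the key


Solution: use the ssh-add command to add the private key (replace id_rsa according to the name of your own key)

That is, each developer runs the command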

ssh-add id_rsa
