
Private Remote Git Repository Debian Wheezy and other stories from Hell

Setting up your Private Remote Git Repository

So you need a private remote git repository for collaborative, backup or convenience reasons. You have your local repository set up and now you want another repository in the cloud. Recently, a few moments ago, I started this task, and here I am about an hour and a half later, sitting a little frustrated and annoyed, still not knowing whether my git remote is working seamlessly. So let me save you some time…

Have your server security measures / paranoia ever bitten you in the butt? Well, good, that means you’re doing well.

Security First and Foremost

As a wise server administrator you have installed fail2ban and denyhosts on your server and configured them with severe measures, such as a maximum of 3 retries for ssh attempts. Fail2ban scans log files for too many failed attempts from a specific IP over a specific protocol, so if there is even an inkling of a password brute-force attempt on one of your hosted sites or over secure shell, the offending IP will be banned in an instant. DenyHosts is similar but focuses primarily on thwarting ssh dictionary attacks. Now, if you have ever gazed upon /var/log/auth.log, you will know that our collective paranoia has some backing.

These are great tools, and I was sent packing by fail2ban after 3 failed attempts, and my ssh session was cut short prematurely. Shame, and I had set the lockout time to 600 hours or 25 days. If this ever happens to you on a static IP, you needn’t worry, just wait the 25 days. Otherwise, if you are on a dynamic IP, as most home ADSL services are, you can wait to get new details via DHCP or force new deets. Otherwise you can ssh into another machine somewhere on the interwebs and then ssh into your server from there. As fail2ban and denyhosts use iptables (the Linux firewall), you will use the following commands to unblock yourself…

iptables -L -n --line-numbers

to see the offending IPs, with the chain and rule number of each, and spot your own

iptables -D <chain> <rule-number>

to delete the rule that bans you, replacing <chain> and <rule-number> with the values shown in the listing

taken from: HowtoForge

Preventing the Ban

So yes, great tools, but why was I locked out? Well, I had created a user for the git repository, namely git. However, when you first configure ssh (a standard package on Linux), you configure it in /etc/ssh/sshd_config, specifying the port, protocol, whether to permit root logins and which users to allow. After creating the git user, I forgot to do this, and when the repository was being pushed from local to remote, after 3 attempts I was locked out. So REMEMBER TO ADD THE USER TO ALLOWUSERS IN SSHD_CONFIG. Oh, AND REMEMBER TO RESTART SSH FOR CHANGES TO TAKE EFFECT.
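A pre-flight check for exactly this mistake, as an added example that is not from the original post: it reads the AllowUsers lines of an sshd_config file and reports whether a given account is covered, so you find out before three rejected pushes trigger the ban. The function name, the sample config and the admin and deploy accounts are constructed for illustration, and Match blocks and Include files are deliberately not evaluated.

```shell
#!/bin/sh
# Added example. Simplification (assumption): Match blocks and Include
# files are not evaluated; only AllowUsers lines in one file are read.

# ssh_user_allowed CONFIG USER
# Returns 0 if AllowUsers does not stop USER from logging in, 1 if it does.
ssh_user_allowed() {
    cfg=$1; user=$2; seen=0
    while read -r key rest || [ -n "$key" ]; do
        # sshd_config keywords are case-insensitive
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        [ "$key" = "allowusers" ] || continue
        seen=1
        set -f                    # do not expand * and ? against local files
        for pat in $rest; do
            pat=${pat%%@*}        # USER@HOST entry: compare the USER part only
            case $user in
                $pat) set +f; return 0 ;;
            esac
        done
        set +f
    done < "$cfg"
    # With no AllowUsers line at all, the directive restricts nobody
    [ "$seen" -eq 0 ]
}

# Constructed sample config: AllowUsers predates the new git account.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'AllowUsers admin deploy' > "$sample"
for u in admin git; do
    if ssh_user_allowed "$sample" "$u"; then
        echo "$u: permitted by AllowUsers"
    else
        echo "$u: missing from AllowUsers, fix sshd_config and restart ssh before pushing"
    fi
done
rm -f "$sample"
```

On the server itself, `sshd -T` run as root prints the effective configuration and is the authoritative check.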

Setting up Your Private Remote Git Repository Debian Wheezy

Private Remote Git Repository: The Holy Grail

Generate SSH Key

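cd ~/.ssh
if [ ! -f id_rsa.pub ]; then
    # No key pair yet: generate one and enter a passphrase when prompted (Remember to Remember)
    ssh-keygen -t rsa -C "your_email@example.com"
    ssh-add id_rsa
fi
# Copy the public key to the clipboard (clip is the Windows clipboard command, e.g. from Git Bash)
clip < ~/.ssh/id_rsa.pub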

Create a User for Git

don’t know if this is entirely necessary…

adduser git
# userdel -r git, if you made a mistake

Send id_rsa.pub to the server

ftp or

scp ~/.ssh/id_rsa.pub gituser@server_ip:./

Log in as git

su git

Append to the server's authorized keys

cat id_rsa.pub >> /home/git/.ssh/authorized_keys

Add a remote to your local git repository

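git remote add [shortname] [url]
# The URL needs the repository path after the colon; this assumes repo.git sits in the git user's home directory
git remote add origin git@server.co.za:repo.git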

Initialise the Repo on Server

git init --bare repo.git

Push your local to remote

git push [remote] [branch]

git push origin master

If it asks for a password, you are doing it wrong: you set up ssh keys precisely so that you would not need one. You should only need that passphrase that you remembered.

Remember Permissions

Ownership of the repository folder should be git:git, with mode 775.
