Setting up your Private Remote Git Repository
So you need a private remote git repository for collaborative, backup or convenience reasons. You have your local repository set up and now you want another repository in the cloud. Recently, a few moments ago, I started this task and here I am about an hour and a half later, sitting a little frustrated and annoyed, still not knowing whether my git remote is working seamlessly. So let me save you some time…
Have your server security measures / paranoia ever bitten you in the butt? Well, good: that means you’re doing well.
Security First and Foremost
As a wise server administrator you have installed fail2ban and denyhosts on your server and configured them with severe measures, such as max 3 retries for ssh attempts. Fail2ban scans log files for too many attempts from a specific IP over a specific protocol, so if there is even an inkling of a password brute-force attempt on one of your hosted sites or over secure shell, the offending IP will be banned in an instant. DenyHosts is similar but focuses primarily on thwarting ssh dictionary attacks. Now if you have ever gazed upon /var/log/auth.log, you will know that our collective paranoia has some backing.
These are great tools, and I was sent packing by fail2ban after 3 failed attempts, my ssh session cut short prematurely. Shame, and I had set the lockout time to 600 hours or 25 days. If this ever happens to you on a static IP, you needn’t worry, just wait the 25 days. Otherwise, if you are on a dynamic IP, as most home ADSL services are, you can wait to get new details via DHCP or force new deets. Otherwise you can ssh into another machine somewhere on the interwebs and then ssh into your server from there. As fail2ban and denyhosts use iptables (the Linux firewall), you will use the following commands to unblock yourself…
to see the offending IPs and spot your own
taken from: HowtoForge
Preventing the Ban
So yes, great tools, but why was I locked out? Well, I had created a user for the git repository, namely git. However, when you first configure ssh (an inherent package of Linux), you configure it in /etc/ssh/sshd_config, specifying the port, protocol, whether to permit root logins, and also the users to allow. After creating the git user, I forgot to do this, and when the repository was being pushed from local to remote, after 3 attempts I was locked out. So REMEMBER TO ADD THE USER TO AllowUsers IN SSHD_CONFIG. Oh, AND REMEMBER TO RESTART SSH FOR CHANGES TO TAKE EFFECT.
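The missing AllowUsers entry described above can be caught before the first push burns through the retry limit. The following is an added example, not part of the original post: a POSIX shell check run over constructed sample configs. The helper names and sample users are assumptions, and it reads only top-level AllowUsers lines.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for the lockout above.
# Assumptions: only top-level AllowUsers lines are read. Match blocks, Include,
# DenyUsers/AllowGroups, "keyword=value" syntax and negated patterns are ignored,
# and a user@host pattern is compared on its user part only.

# sshd_allows_user CONFIG USER (hypothetical helper)
# Returns 0 if USER passes the AllowUsers list or no list exists, 1 otherwise.
sshd_allows_user() (
    config=$1 user=$2 seen=0
    set -f    # stop '*' in a pattern from expanding to file names
    while read -r keyword rest || [ -n "$keyword" ]; do
        # sshd keywords are case-insensitive; '#' comment lines never match
        [ "$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')" = allowusers ] || continue
        seen=1
        for pattern in $rest; do
            case $user in
                ${pattern%%@*}) exit 0 ;;
            esac
        done
    done < "$config"
    [ "$seen" -eq 0 ]    # no AllowUsers line: sshd does not filter on user name
)

# preflight CONFIG USER (hypothetical helper): verdict before the first push
preflight() {
    if sshd_allows_user "$1" "$2"; then
        echo "ok: $2 passes AllowUsers in $1"
    else
        echo "STOP: $2 is not in AllowUsers in $1; every login attempt will fail"
        return 1
    fi
}

# Constructed sample configs: the state that caused the ban, and the fix.
before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT
printf '%s\n' 'Port 22' 'PermitRootLogin no' '#AllowUsers git' 'AllowUsers admin deploy@192.0.2.*' > "$before"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'AllowUsers admin deploy@192.0.2.* git' > "$after"

preflight "$before" git || true
preflight "$after" git
```

On the server, point it at /etc/ssh/sshd_config before the first push, and validate any edit with `sshd -t` before restarting the daemon.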
Setting up Your Private Remote Git Repository on Debian Wheezy
Generate SSH Key
# if ~/.ssh/id_rsa.pub already exists, just copy it to the clipboard
clip < ~/.ssh/id_rsa.pub
# otherwise generate a key pair first
ssh-keygen -t rsa -C "firstname.lastname@example.org"
# enter passphrase (Remember to Remember)
clip < ~/.ssh/id_rsa.pub
Create a User for Git
don’t know if this is entirely necessary…
# userdel -r git, if you made a mistake
Send id_rsa.pub to the server
scp ~/.ssh/id_rsa.pub gituser@server_ip:./
Log in as git
Append to the server’s authorized keys
cat id_rsa.pub >> /home/git/.ssh/authorized_keys
Add a remote to your local git repository
git remote add [shortname] [url]
git remote add origin email@example.com
Initialise the Repo on Server
git init --bare repo.git
Push your local to remote
git push [remote] [branch]
git push origin master
If it asks for a password you are doing it wrong, as you have set up ssh keys for that very reason: not using a password. You should just need that passphrase that you remembered.
Permissions of the folder should be git:git and 775.