安装 git-2.24.1
准备工作1:下载安装包及相关依赖,git有几个依赖 openssl openssl-devel curl-devel expat-devel,已安装的不用重复安装
[root@localhost ~]# wget https://github.com/git/git/archive/v2.24.1.tar.gz
[root@localhost ~]# yum install expat-devel openssl openssl-devel curl-devel -y
编译安装
[root@localhost ~]# tar zxvf v2.24.1.tar.gz
[root@localhost ~]# cd git-2.24.1/
[root@localhost git-2.24.1]# make prefix=/usr/local/git all
[root@localhost git-2.24.1]# make prefix=/usr/local/git install
[root@localhost git-2.24.1]# cd ..
配置环境变量,添加git用户和组(禁用shell登录)
[root@localhost ~]# echo "export PATH=$PATH:/usr/local/git/bin" >> /etc/bashrc
[root@localhost ~]# source /etc/bashrc
[root@localhost ~]# groupadd git
[root@localhost ~]# useradd git -g git
[root@localhost ~]# su - git
[git@localhost ~]$ cat /etc/passwd |grep git
git:x:1002:1002::/home/git:/bin/bash
至此,git服务安装完成!
安装报错及处理办法
git-compat-util.h:283:25: 致命错误:openssl/ssl.h:没有那个文件或目录
yum install openssl openssl-devel -y
http.h:6:23: 致命错误:curl/curl.h:没有那个文件或目录
yum -y install curl-devel -y
http-push.c:22:19: 致命错误:expat.h:没有那个文件或目录
yum install expat-devel -y
Git服务器配置
创建证书登录
添加证书之前,还要做这么一步: Git服务器打开RSA认证 。在Git服务器上首先需要将/etc/ssh/sshd_config中的RSA认证打开,即将sshd_config文件中下面几个的注释解开
1. RSAAuthentication yes
2. PubkeyAuthentication yes
3. AuthorizedKeysFile .ssh/authorized_keys
所以我们在/home/git下创建.ssh目录,然后创建authorized_keys文件,再设置私钥,创建公钥
[root@localhost ~]# su - git
[git@localhost ~]$ cd /home/git/
[git@localhost ~]$ mkdir .ssh
[git@localhost ~]$ chmod 700 .ssh
[git@localhost ~]$ touch .ssh/authorized_keys
[git@localhost ~]$ chmod 600 .ssh/authorized_keys
[git@localhost ~]$ cd ~/.ssh
[git@localhost .ssh]$ ll
总用量 0
-rw-------. 1 git git 0 12月 21 06:55 authorized_keys
[git@localhost .ssh]$ ssh-keygen -t rsa -C "xxx@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/git/.ssh/id_rsa): authorized_keys
authorized_keys already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in authorized_keys.
Your public key has been saved in authorized_keys.pub.
The key fingerprint is:
SHA256:sBSBC4rSnkFUgZBkNKN1eerEewgAhmXLL2UvxieEHK8 xxx@gmail.com
The key's randomart image is:
+---[RSA 2048]----+
|B%*o++o. |
|B=**o .. |
|o==o=+o |
|+ +B=o o |
|..E**o+ S |
| oo++. |
| . |
| |
| |
+----[SHA256]-----+
[git@localhost .ssh]$ ll
总用量 8
-rw-------. 1 git git 1766 12月 21 06:59 authorized_keys
-rw-r--r--. 1 git git 403 12月 21 06:59 authorized_keys.pub
[git@localhost .ssh]$ cat authorized_keys.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkzB8FpT6oVnVhhwp3vd7EsXICgiLwMnlyM8/If9Rh8sfiWKOWbQK2tUsLi9H6SEdpolNyUwdM/+gfkMGYJz2Kjw7IUESJol5WGK+DSNkM2NLF8k/Z2VVSHKE06Crgq+94NTwgGpukZ2o0oTeZjEELMC62RvC9bS+ALv+y7Au87fiOcdeOG2+uR0T1OZIeDSF4zEsnSVAw+PumXptol8oGqiA2jqTDfoeF28tC4JkYviMdTGegSzpDOC4sK0N/+ZZAMznetlXst7iTtIFSbnnFA7pXdovPF8zfxa8hlQjejomYD7mx6i0tSDzRofMwveOdUFKTXgZqEBTc9ZA1KNnT xxx@gmail.com
上面的authorized_keys.pub即为生成的公钥,将公钥内容拷贝到 github中,
登录http://github.com,鼠标移到右上角的图标进入个人设置页面,title随便填,key填入cat authorized_keys.pub 如上输出的红色内容
Settings --> SSH and GPG keys --> New SSH key
最后一步,将私钥加入到本地计算机的ssh-agent 中,因为现在私钥存储在本地计算机中,但跟GitHub 建立连接的时候,实际上是本机计算机的 ssh-agent 与 GitHub 服务器进行通信,ssh-agent并不知道私钥存储在哪儿,所以要有以下操作
[git@localhost .ssh]$ ssh-add ~/.ssh/authorized_keys
Could not open a connection to your authentication agent.
[git@localhost .ssh]$ eval `ssh-agent -s`
Agent pid 43025
[git@localhost .ssh]$ ssh-add ~/.ssh/authorized_keys
Enter passphrase for /home/git/.ssh/authorized_keys:
Identity added: /home/git/.ssh/authorized_keys (/home/git/.ssh/authorized_keys)
[git@localhost .ssh]$ ssh-add -l
2048 SHA256:sBSBC4rSnkFUgZBkNKN1eerEewgAhmXLL2UvxieEHK8 /home/git/.ssh/authorized_keys (RSA)
一切准备就绪,测试与github的通信
[git@localhost .ssh]$ ssh -T git@github.com
如果连接成功,应该会有以下提示,这表明git服务搭建成功
Hi xxx! You've successfully authenticated, but GitHub does not provide shell access.
再切换到root用户,修改git权限,只允许ssh连接来推送和获取git仓库,禁止shell登录,将
git:x:1002:1002::/home/git:/bin/bash
改为
git:x:1002:1002::/home/git:/usr/local/git/bin/git-shell
[git@localhost ~]$ su
密码:
[root@localhost ~]# vi /etc/passwd
[root@localhost ~]# cat /etc/passwd |grep git
git:x:1002:1002::/home/git:/usr/local/git/bin/git-shell
错误一:没有将pubKey添加到github导致的验证失败
debug1: No more authentication methods to try.
Permission denied (publickey).
错误二:保存在本地计算机的私钥没有加入到本地计算机的ssh-agent 中
Could not open a connection to your authentication agent.
警告:将RSA连接的github IP和github.com域名持久绑定到hosts中(也可不理会)
Warning: Permanently added '
github.com,13.250.177.223' (RSA) to the list of known hosts.
[root@localhost ~]# vi /etc/hosts
加入以下内容在文件最后,保存退出
13.250.177.223 github.com