Reputation: 22324
What is the best way to secure a shared git repo for a small distributed team?
We have a Scala project and we decided to use git. The problem is we are a very small distributed team and we want nobody outside of the team to have even the read only access to our git server (which has a valid IP and is world-accessible in the IP level). I have heard the git-daemon has no authentication mechanism by itself and you should somehow integrate it with ssh or something. What is the best (and easiest) way to make the git server respond only to authorized users ? Or perhaps git-daemon is not for this task ? I may add that I am looking for a simple and straightforward approach. I don't want to compete with github ;-)
Upvotes: 8
Views: 2767
Answers (6)
Reputation: 91
@KirPiCH: gitosis is unmaintained, and effectively abandoned.
Gitolite is maintained, has a dozen features more than gitosis, and the author actually responds to emails!
[ps: I know this because I am the author ;-)]
Upvotes: 9
Reputation: 399
Gitosis is great and lightweight access control system for git. Allows for read/write or read-only access control on the granularity of the repo. Easier to setup then Gitolite. Read the README for setup instructions
Upvotes: 2
Reputation: 67047
If you're in a windows environment, you could simply set up a share that holds your bare repo and use windows' built in mechanisms for access control to the said share. No managing of any keys, your company will do the management of user accounts and stuff.
Upvotes: 2
Reputation: 1323933
Gitolite is a less straight-forward way to protect a "central" repository, but:
- its installation is quite simple, and it will take care of read/write access based on ssh public keys registered in the
authorized_keysof thegitoliteaccount on the central server.
You can initiate its installation right from your local workstation (it will copy what it needs to the server, provided you have ssh access to said server) - it certainly don't compete with GitHub ;)
Upvotes: 6
Reputation: 4444
Use ssh's authentication, and exclusively so (disable git-daemon). git clone company.server.com:/srv/git/myproject is not any harder to use than other protocols.
Upvotes: 1
Reputation: 15976
Run GIT local to the box,for example at 127.0.0.1:1234
Then have apache route requests from the outside to that local instance.
Apache will take care of the ssl.
Upvotes: -1
Related Questions
- Git strategies for a partially sharing a repo
- How to make private GitHub repo available to other organization team members?
- How to secure the git repo on a live server
- How to set up a git server where users only have access to their repositories?
- Using Git/Github properly when working on a team
- Securing a Git Repository
- Whats the best way to use a git repo for collaborators?
- Git workflow for small web team
- Centralized git for a group
- Gitting with a team