Public | Automated Build

Last pushed: a year ago
Short Description
Short description is empty for this repo.
Full Description

git-ssh-server

A minimal GIT server.

Build instructions

git clone https://github.com/unixtastic/git-ssh-server
docker build -t 'unixtastic/git-ssh-server' .

Usage instructions

To run this first create a data directory on your docker host to hold git data, ssh authentication,
and possibly git-shell-commands.

mkdir /docker_data/git

Run the container.

docker run -d -p 2222:22 -v /docker_data/git:/git unixtastic/git-ssh-server

You may substitute '2222' with any port number of your choosing.

Add users

Setup SSH:

cd /docker_data/git
mkdir .ssh
chown -R 987:987 .ssh
chmod -R 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Add user public keys to .ssh/authorized_keys just like you would do for 'normal' SSH.

touch /docker_data/git/.hushlogin to prevent login banners that can confuse git.

Setup repos

mkdir /docker_data/git/mynewproject.git
cd /docker_data/git/mynewproject.git
git --bare init
chown -R 987:987 .

Clone the repo from a client:

git clone ssh://git@myserver:2222/git/mynewproject.git

Setup git-shell-commands

mkdir /docker_data/git/git-shell-commands
chown 987:987 /docker_data/git/git-shell-commands
chmod 700 /docker_data/git/git-shell-commands

Add your commands to the above directory. You might want to start with list, which
you can find under /usr/share/doc on most git client machines.

Notes

The SSH host keys are generated at the first run of each new container. This will confuse some git clients and really should be changed.

Docker Pull Command
Owner
unixtastic
Source Repository

Comments (21)
gumijason
2 years ago

I fooled with this for a couple of days, and realized that the sshd service wasn't starting up. Even adding "RUN sv stop sshd && sv start sshd" to the bottom of the Dockerfile did not fix it.

So, I changed the CMD to be ("/usr/sbin/sshd", "-D") and it worked right first time. I don't know what the other services were supposed to do, but the one thing that needed to happen on startup was get SSH going, and that wasn't working without manually launching it after the image booted up. Hope this helps someone, or somebody can give a proper fix.

emilkh
2 years ago

Hi, I am still a bit of a n00b with Docker, so this may be a silly question. I have pulled and started this image, but whenever my server has been restarted, I need to attach the image with bash and do a "service ssh start" in order to be able to get in contact with the SSH server. What am I doing wrong?

joshes
3 years ago

I was hoping that was it but unfortunately, still no joy. I did get a bit more time to look into this tonight and found the culprit I believe.

After I ran the following:

docker run -p 2222:22 -v $(pwd)/data/git:/git unixtastic/git-ssh-server ls -la /git

I was met with the following:

$ docker run -p 2222:22 -v $(pwd)/data/git:/git unixtastic/git-ssh-server ls -la /git
total 4
drwxr-xr-x  1 1000 staff  170 Feb  8 01:56 .
drwxr-xr-x 65 root root  4096 Feb  8 01:56 ..
-rw-r--r--  1 1000 staff    0 Feb  8 01:56 .hushlogin
drwx------  1 1000 staff  102 Feb  8 01:56 .ssh
drwxr-xr-x  1 1000 staff  340 Feb  8 01:56 config-repo.git

chown isn't working correctly via boot2docker it seems. After finding this out, I found this issue on the boot2docker github issues list:

https://github.com/boot2docker/boot2docker/issues/581

The suggested workaround is to use a Docker volume container which I'm not familiar with (but will be soon). Will update you once I get that up and running. If you have any advice/words of wisdom I'm all ears though. :)

Thanks!

unixtastic
3 years ago

Phusion seems to have changed. It's not generating the SSH host keys without a '-f'. I'll update the Dockerfile.

unixtastic
3 years ago

Joshes,

This appears to be SElinux evil-ness. Run the following command on the host and it should work:

chcon -Rt svirt_sandbox_file_t /docker_data/git

Pls let me know if this fixes it for you so I can update the readme.

joshes
3 years ago

Thanks for the quick response! No joy unfortunately. I will continue to debug - will update here if I find the reason.

unixtastic
3 years ago

Joshes,

I'm not sure why SSH authentication is failing for you. It MAY be that .ssh/authorized_keys has the wrong ownership or permissions. Please try chown -R 987 .ssh and chmod -R 700 .ssh. If that works I'll update the instructions.

joshes
3 years ago

Not sure whether this is something specific to boot2docker or not, but its my only guess at this point. I've been trying for the last few hours to get this running on my laptop (Mac + boot2docker (v1.3.2)) and I can't get the users added.

I've set up the configuration in a bash script as follows which looks good based on your instructions:

mkdir -p data/git/.ssh
cd data/git
touch .ssh/authorized_keys
touch .hushlogin
cat ~/.ssh/id_rsa.pub >> .ssh/authorized_keys
chown 987 .ssh
chmod 700 .ssh
mkdir config-repo.git
cd config-repo.git
git --bare init
chown -R 987:987 .

Afterwards running your image (from same directory as the commands above were executed in) with:
docker run -d -p 2222:22 -v $(pwd)/data/git:/git unixtastic/git-ssh-server

Then I get the following when I try to clone:
git clone ssh://git@localhost:2222/git/config-repo.git
Cloning into 'config-repo'...
git@localhost's password:

Wondering if there's something obvious I'm doing wrong or if it's a limitation of boot2docker maybe...?

unixtastic
3 years ago

jcfandino,

Thanks for letting me know. I've updated the Dockerfile to set a long random password for the git user.

Stephen

jcfandino
3 years ago

Hi, thanks for this image, it's very useful.

I ran into a problem, the git account appeared to be locked and I got these messages in /var/log/auth.log

  Dec  7 20:45:18 6e553b1bdbdf sshd[422]: Connection from 192.168.0.16 port 47297 on 172.17.0.3 port 22
  Dec  7 20:45:19 6e553b1bdbdf sshd[422]: User git not allowed because account is locked
  Dec  7 20:45:19 6e553b1bdbdf sshd[422]: input_userauth_request: invalid user git [preauth]
  Dec  7 20:45:20 6e553b1bdbdf sshd[422]: error: Could not get shadow information for NOUSER
  Dec  7 20:45:20 6e553b1bdbdf sshd[422]: Failed password for invalid user git from 192.168.0.16 port 47297 ssh2

Apparently it needed a password to be set, so I ran:

  docker exec 6e553b1bdbdf usermod -p nopass git

and got it working.