Secure deployment with Git and SSH

Git, a distributed version control system, can be used to transfer software and other files to remote systems. By configuring the remote system to pull content from a git repository on a schedule, deployment can be accomplished with a simple local merge. Configuring the system that hosts the repository to restrict access from the remote system enhances security without affecting the method's usefulness.

Required Ingredients

- Two computers running Fedora with a working network connection.
- Git installed on both systems, and a git repository on one.
- A dedicated user account.
- A dedicated SSH authentication key.

Directions

Configuring the host

1. Create and configure a new user account to use for the transfer. For security reasons, this account will only be allowed to interact with git.

   First, identify the path to your git repository. Store it in a shell variable, for convenience.

       repo_directory=/srv/repos/my-project.git

   Create the user account.

       useradd --home $repo_directory --shell /usr/bin/git-shell puller

   The options given to useradd restrict the user's account. Refer to the explanation below, and man useradd for further insight.

   --home $repo_directory - Sets the account's home directory as the repository, using the shell variable from the previous step.
   --shell /usr/bin/git-shell - Sets the login shell to git shell, a special utility provided with git that will only allow the user to execute git commands.
   puller - The name of the user to create. Name the account something that will remind you of its purpose.

2. Copy the public half of your SSH key into the user's home directory.

       mkdir $repo_directory/.ssh/
       # sshd reads the keys it accepts from ~/.ssh/authorized_keys
       cp puller_id_rsa.pub $repo_directory/.ssh/authorized_keys

3. Give the user read-only access to the repository

4. Optional: tell git to ignore the SSH key

   You can add the SSH public key to your git repository to share it, or tell git to ignore the key with the instructions below.

       pushd $repo_directory
       echo ".ssh/" >> .gitignore
       git add .gitignore
       git commit -m "Ignore $repo_directory/.ssh"
       popd

Configure the remote host to use your repository
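
The key-copy step on the host, as an added example that is not part of the original recipe: it installs the public key where sshd looks for it, prefixes it with the OpenSSH "restrict" key option, and sets the file modes sshd expects. The function name install_puller_key is hypothetical, and it assumes an OpenSSH server recent enough to support "restrict" (7.2 or later).

```shell
#!/bin/sh
# Added example, not from the original recipe.
# install_puller_key HOME_DIR PUBKEY_FILE
#   HOME_DIR    - home of the git-shell account (the repository path)
#   PUBKEY_FILE - public half of the dedicated key, e.g. puller_id_rsa.pub
install_puller_key() {
    home_dir=$1
    pubkey=$2

    # Accept exactly one public-key line. This stops a private key or a
    # file holding several keys from being installed by mistake.
    [ "$(grep -c '' "$pubkey" 2>/dev/null)" -eq 1 ] 2>/dev/null \
        || { echo "expected exactly one key line in $pubkey" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey" \
        || { echo "not an SSH public key: $pubkey" >&2; return 1; }

    mkdir -p "$home_dir/.ssh" || return 1

    # "restrict" disables port, agent and X11 forwarding, PTY allocation
    # and ~/.ssh/rc for this key. git-shell still decides which commands
    # the account may run; the option removes the other SSH features.
    printf 'restrict %s\n' "$(cat "$pubkey")" \
        > "$home_dir/.ssh/authorized_keys" || return 1

    # sshd ignores key files that other users could modify.
    chmod 700 "$home_dir/.ssh" || return 1
    chmod 600 "$home_dir/.ssh/authorized_keys" || return 1
}

# Usage on the host, with the variable from the recipe:
#   install_puller_key "$repo_directory" puller_id_rsa.pub
```

On the host, run it as root against $repo_directory and then give the puller account ownership of the .ssh directory; with sshd's default StrictModes setting, key files owned by another non-root user are rejected.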

References

Upstream Documentation