Git hosting with gitolite

Git LogoNow that Xcode has native support for Git repositories, I finally decided to migrate my private Mercurial repository to Git. I have always been running my source code repository on my own server and I want to keep this practice with Git. When searching for options on how to setup a private Git repository, Gitolite seemed like a nice option.

In this small howto I will describe how I have setup Gitolite on my Ubuntu 8.04 server. Please note, that Ubuntu has included Gitolite in the 10.10 release, so that the installation is even simpler now. I will describe the manual installation procedure for Ubuntu releases prior to 10.10.

The first step is to install the git software on the server:

sudo aptitude install git-core

Please not, that gitolite neads at least version 1.6.2 of git. If your distribution contains an older version (this is the case with Ubuntu 8.04), use a backport package, or install git via source.

Now we need a user account which will be used to run gitolite. The user will not be able to login via password authentication, we will only allow certificate based authentication:

sudo adduser --system --group --disabled-password --shell /bin/bash --home /home/git git

This user needs to have certificate based SSH access. So we need to create a certificate we can use to login to the server. This is done on your local machine, for example on the development box:

cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_git

When prompted for a password, just press enter to enable passwordless logins. It is recommended that you activate a password for this account after the gitlite installation, as this certificate enables a login to the shell on your server. This can be done via ssh-keygen -p.

The user account on the server now needs to register the public key, to enable login with the new certificate. Log on to your server, change to the new user git and follow these steps:

mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys

Now edit the file authorized_keys and add the contents of the created file from the local machine to the authorized_keys.

Before you can log in with that user, it could be possible that you need to add that user to the file /etc/ssh/sshd_config in the setting AllowUsers. This depends on the setup of your ssh daemon. After changes to this file, you need to restart the ssh daemon.

Now check, if you can login from the local machine with your new certificate (replace SERVERNAME.COM with the address of your server):


The following steps are done on your local machine.

Get the current version of gitolite and start the installation wizard:

git clone git://
cd gitolite/src
./gl-easy-install git SERVERNAME.COM gitadmin

gitadmin will be the username to administer the gitlite installation. The installation wizard will ask you some questions. Generally you can accept the default options.

I experienced a problem towards the end of the wizard. It complained that the default identity has not been set. This is an error from the server. You can get rid of it by logging in to the server as the git user and then setting the identity in the git config:

git config --global ""
git config --global "Your Name"

The installation wizard will setup gitolite in the home directory of the git user on the server. It will create a new certificate for the user gitadmin which can be used to administer the gitolite settings.

After the wizard has finished, there will be a new directory gitolite-admin in your home folder on the local workstation. You can add user certificates and create git repositories inside this directory by copying the public keys and editing the config files. When done, push the changes to your server and the configuration is active.

Users will not get shell access to the server. When they try to login via ssh with the certificate they will only get a list of all repositories they may access. With gitlite you now have the option to add a number of users without the need to create accounts on your server.

Further information on how to setup the gitolite server can be found in the documentation.

Leave a Reply