Private Git Repositories

Posted on Jul 17, 2025

For some reason, I’m uncomfortable keeping my private Git repositories on Microsoft Github, so I keep them on one of my servers and push/pull from my development laptop.

Here’s how I do that.

Current: ssh using my own user

My git repositories are in a directory on my file server, and the repositories and their directory are owned by poirier.

I have a poirier user on a new VM that has that directory as its home directory, and my public SSH key in its authorized_keys file.

Now I can just access my repositories as poirier@vmhostname:repository.git. E.g.

git remote add poirier poirier@vmhostname:repository.git
git pull poirier main
git push poirier main

If I need a new repository, I can’t just make up a name and push to it like I did with Gitolite. But it’s not too bad (and I’m putting the command here in part so I can refer back to it). Here’s what I do:

ssh poirier@vmhostname git init --bare repository.git

Past: Gitolite

I knew Gitlab was way overkill for my needs, so I used gitolite for a while. I simplified its working a bit by not bothering with a git repo for the administration.

It got to be a lot of trouble, though. Every time I set it up or moved it, I’d have permissions problems that were nearly impossible to debug. I had no idea what the various hooks that Gitolite was using were doing.

Eventually, I decided to look for something even simpler.

More recent but still past: git and ssh git user

It turns out that you don’t need a third-party piece of software to do this at all. This was my starting point for this iteration: https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server

Even that turned out to be overkill for me, though.

The approach described there was to create a git user that would own the repositories, then for each real user who needed access to the repositories, add that user’s ssh public key to the authorized_keys of the git user. With that set up, the users can push and pull to git@hostname:path/to/repository.git.

You can also restrict the git user to only git-related activities by forcing its shell to be git-shell and otherwise disabling login. That seemed like the right thing to do, so I did it.

But here’s the annoying bit for me:

Note that someone must shell onto the machine and create a bare repository every time you want to add a project.

It seemed like the only way to do this was ssh in as a user other than git (since git has no shell), sudo to root, create the repository, then change its owner to git. That’s a nuisance, and inelegant to boot.