Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Instructions for setting up git server on Synology Diskstation

Configure Synology NAS as Git Server

Instructions for setting up a git server on a Synology NAS with Diskstation. Specifically, I am using a DS414 with DSM 5.0.

Set Up User and Folder

  • Create user gituser via Diskstation interface (with File Station and WebDAV privilages)
  • Add new shared folder called git (located at /volume1/git) with read/write access for gituser and admin. This folder will hold all the repos.
  • Install Git Server package via Diskstation
  • Open Git Server and allow gituser permissions
  • Enable SSH access on Diskstation (Control Panel > Terminal & SNMP > Enable SSH Service)

Configure SSH Access

  • create ~/.ssh folder for gituser on server
ssh admin@diskstation.local
mkdir /volume1/homes/gituser/.ssh
  • copy public rsa key from local computer to gituser account on server
scp ~/.ssh/id_rsa.pub admin@diskstation.local:/volume1/homes/gituser/.ssh
  • connect via SSH as root and rename id_rsa.pub to authorized_keys on NAS (or append if already exists, cat id_rsa.pub >> authorized_keys)
ssh root@diskstation.local
mv /volume1/homes/gituser/.ssh/id_rsa.pub /volume1/homes/gituser/.ssh/authorized_keys
  • change permissions while logged in as root
cd /volume1/homes/gituser/
chown -R gituser:users .ssh
chmod 700 .ssh
chmod 644 .ssh/authorized_keys

Set Up New Repo on NAS

  • create bare repo as root
ssh root@diskstation.local
cd /volume1/git/
git --bare init <repo-name>.git
chown -R gituser:users <repo-name>.git
cd <repo-name>.git
git update-server-info

NOTE: I'm not entirely sure if git update-server-info must be run for each repo or just initially. It seems to work without running this command, but I'm suspcicious that it might cause problems later.

Add NAS as Remote for Local Repo

  • Clone repo from NAS
git clone ssh://gituser@diskstation.local/volume1/git/<repo-name>.git

References

http://blog.osdev.org/git/2014/02/13/using-git-on-a-synology-nas.html http://stackoverflow.com/questions/20074692/set-up-git-on-a-nas-with-synologys-official-package http://www.heidilux.com/2014/02/setup-git-server-synology-nas/

@gazgeek

This comment has been minimized.

Copy link

gazgeek commented Aug 19, 2015

Hey.

Just wanted to say thanks - this has been really helpful in getting git up and running on my DS415+.

I ran in to a couple of issues.

  • I had to specify --shared in the git init command otherwise I got errors about the config directory being inaccessible...

git init --bare --shared <repo-name>.git

  • I couldn't get the password-less login to work unless I set the authorized_keys permissions to 600...

chmod 600 .ssh/authorized_keys

Cheers!

@jerryfromearth

This comment has been minimized.

Copy link

jerryfromearth commented Sep 27, 2015

Hi,

Thanks for the post!

  • To make "password-less ssh" work, aside from @gazgeek's suggestion, I also find out that I need to change the permission of the user folder (that contains .ssh) to 755. Previously it was 711:
chmod 755 /home/gituser

Reference:
http://superuser.com/questions/736055/ssh-with-no-password-passwordless-on-synology-dsm-5-as-other-non-root-user

@jgudpns

This comment has been minimized.

Copy link

jgudpns commented Nov 6, 2015

Jeff - Trying to do this to my DS214, but I get stuck on understanding about how to get the rsa keys and where on my local (pc?) this would be.

Also - does "diskstation.local" by the name of the DS214?

@eyesuk

This comment has been minimized.

Copy link

eyesuk commented Jan 3, 2016

Does anyone know if this package includes jekyll functionality like github?

@natejlong

This comment has been minimized.

Copy link

natejlong commented May 13, 2016

@eyesuk You could add git commit hooks on the server so that it built the jekyll site on every push up to it. You could then symlink the output directory to the web folder on the NAS and follow the steps here

@ix-xerri

This comment has been minimized.

Copy link

ix-xerri commented Sep 19, 2016

There is no /volume1/homes/ directory. Any other options or do I have to create them?

@vanlooverenkoen

This comment has been minimized.

Copy link

vanlooverenkoen commented Nov 23, 2016

Is there any GUI I can use with this? because the shell isn't that practical

@robertveringa89

This comment has been minimized.

Copy link

robertveringa89 commented Jan 27, 2017

Thank you for this!

@greyshine

This comment has been minimized.

Copy link

greyshine commented Feb 5, 2017

Thank you for your post.
I do stumble with "Open Git Server and allow gituser permissions".
I do not find anything to edit anything with the installed Git server.

As I understand it from your explanation, there is a Git-Server/Settings/Users navigation path to manage/add users.

Note: I just found it. I always looked at the installed packages in the Package Center. But it is located at the "Main Menu". The place where all installed applications have their starting home.
synology-gitserver

Another issue I watched (if I got it right):
It is metioned that git update-server-info is somewhat needed; probably also or instead it is needed to set the chown again. I had the 'feeling' that the git server places new files into his .git folder with root:root ownershipwhich breaks the git commands executed as/from client.

@ockertbotha

This comment has been minimized.

Copy link

ockertbotha commented Feb 10, 2017

ssh as root is no longer supported
ssh root@diskstation.local

Instead:

ssh admin@diskstation.local
sudo -i

https://www.synology.com/en-us/knowledgebase/DSM/tutorial/General/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet

@ahmadalbakri

This comment has been minimized.

Copy link

ahmadalbakri commented May 13, 2017

git clone ssh://gituser@diskstation.local/volume1/git/< repo-name >.git

Can be shorten to -> git clone ssh://diskstation/git/< repo-name >.git

How-to:

  1. change diskstation by editing ~/.ssh/config . Example https://mediatemple.net/community/products/grid/204644730/using-an-ssh-config-file

  2. symlink git in root(/) to target git folder as above /volume1/git

@aalaran

This comment has been minimized.

Copy link

aalaran commented Jul 5, 2017

git update-server-info saved me a headache. Thanks!

@jforstneric

This comment has been minimized.

Copy link

jforstneric commented Mar 3, 2018

There is no /volume1/homes/ directory. Any other options or do I have to create them?

I think this gets created when you first create a normal user through DSM. There's also a simlink in /var/services that points to /volume1/homes.

@byverdu

This comment has been minimized.

Copy link

byverdu commented Mar 21, 2018

When I was logging as admin using SSH was throwing the following error:

Could not chdir to home directory /var/services/homes/admin: No such file or directory

Which relates to:

There is no /volume1/homes/ directory. Any other options or do I have to create them?

I found a post that explains how to create the folder by enabling some settings in DSM https://www.chainsawonatireswing.com/2012/01/16/log-in-to-a-synology-diskstation-using-ssh-keys-as-a-user-other-than-root/

Basically go to Control Panel > User > Advanced > User Home > Enable user home service

🎉

Thanks for putting all this info together 🚀

@wdec

This comment has been minimized.

Copy link

wdec commented May 2, 2018

Useful instructions, but kept getting:

fatal: unable to access './config': Permission denied

When attempting to do any git operation on the DSM server.
What solved it was doing a:

chmod -R 766 <name_of_git_repo>.git

@on3nx

This comment has been minimized.

Copy link

on3nx commented Jun 5, 2018

i stuck here: scp ~/.ssh/id_rsa.pub admin@diskstation.local:/volume1/homes/gituser/.ssh
it said: /var/services/homes/admin/.ssh/id_rsa.pub: No such file or directory

@yongsunCN

This comment has been minimized.

Copy link

yongsunCN commented Jul 6, 2018

@on3nx You should copy from you local computer's directory ~/.ssh/id_rsa.pub, not your diskstation's directory. So open a new terminal that's not ssh'ed to your diskstation and try to find ~/.ssh/id_rsa.pub. If it's still not there, it means you need to generate a pair of rsa keys(private/public). For instance on mac you can follow these instructions: https://docs.joyent.com/public-cloud/getting-started/ssh-keys/generating-an-ssh-key-manually/manually-generating-your-ssh-key-in-mac-os-x

@anthonyekosky

This comment has been minimized.

Copy link

anthonyekosky commented Aug 17, 2018

I want to say thank you to everyone who has contributed in consolidating this information and putting all of this great information in one place. I am a recent SVN convert over to GIT and I was having a difficult time getting everything figured out. Over the last couple of weeks I've got it up and running on my own, and I'm excited to learn more and do more with GIT.

Thank you all again, it couldn't have been done without this article and the comments.

@riggs

This comment has been minimized.

Copy link

riggs commented Mar 22, 2019

On the latest versions of Synology, authorized_keys should have 600 permissions, .ssh and gituser should both have 711 permissions.

root@backup:/var/services/homes/git/.ssh# ls -la
total 12
drwx--x--x 2 git users 4096 Mar 21 17:25 .
drwx--x--x 3 git users 4096 Mar 21 17:24 ..
-rw------- 1 git users  381 Mar 21 16:55 authorized_keys
@dmurphyoz

This comment has been minimized.

Copy link

dmurphyoz commented Apr 3, 2019

Create repositories remotely using supported mechanism

Thank you for this guide! It is extremely useful. Thank you @walkerjeffd

The notes regarding permissions are very important in current Synology builds (thanks @gazgeek and @jerryfromearth).

However the usability needed improving

I was finding it annoying needing to use ssh to login to the Synology and run several commands so that I could create new repositories and do settings. Also I normally have admin disabled, as a security measure and only reenable when required (DSM Control Panel) so it was extra tedious.

To create NewRepo.git it could be as simple as running ssh gituser@diskstation.local "git-create-repository NewRepo.git" on your local machine.

This guide will show you how to setup repositories remotely with one command.

Note: this uses fully supported features and should work through DSM upgrades and Git version updates. It uses an ability in git-shell to specify additional commands. This guide shows you how to do it and how to use it. Everything is designed around cut and paste.

  1. Enable admin if it is disable and login in via ssh

ssh admin@diskstation.local

  1. Sudo to become root

sudo -u root bash

  1. Set the owner on the /volume1/git to be gituser.

chown -R gituser:user /volume1/git

  1. Go to ~gituser and then create a git-shell-commands directory in the home directory of gituser
cd ~gituser
mkdir ~gituser/git-shell-commands
  1. change the owner and permissions on ~gituser/git-shell-commands
chown gituser ~gituser/git-shell-commands
chmod 755 ~gituser/git-shell-commands
  1. create a no-interactive-login script to prevent interactive logins now that this functionality is enabled. To make things easy the following can be copy and pasted directly into the shell and it will create the file.
cat >~gituser/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You have successfully authenticated, but "
printf '%s\n' "there is NO interactive shell access."
exit 128
EOF

  1. create a help file to provide instructions or information. I put very little effort into this
cat >~gituser/git-shell-commands/help <<\EOF
#!/bin/sh
echo "Use ssh and command git-create-repository to create a new git repository on the Synology"
echo "The git repository will be placed in the git area and must use a name formatted as <repo-name>.git"
echo "The repository will be initialised and can then be used to push or pull data."
exit 1
EOF
  1. create the git-create-repository file to create new repositories as required.

This script does have error checking and some security features but if you are concerned later please delete or remove execution permissions later.

Check the GIT_HOME setting in this script and edit if required before cutting and pasting

cat >~gituser/git-shell-commands/git-create-repository <<\EOF
#!/bin/sh


# Creates a new git repository to use as source or target.
# 
# Set GIT_HOME to location of the git repositories
# 
if ! test $# -eq 1  
then
  echo >&2 Usage\: git-create-repository \<repo-name\>.git
  exit 1
fi
#
GIT_HOME=/volume1/git
NEW_REPO=$1
#
# Only alphanumeric and period (.) are allowed
# Space is not permitted as it breaks this script and presents a security risk
#
regex='^[0-9a-zA-Z.]*$'
#
if ! [[ "$NEW_REPO" =~ $regex ]]
then
  echo >&2 Illegal character provided in new repository name.
  echo >&2 Only alphanumeric and period are permitted.
exit 1
fi
#
#
# Check for .git ending
regex2='^.*\.git$'
if ! [[ "$NEW_REPO" =~ $regex2 ]]
then
  echo >&2 Usage\: git-create-repository \<repo-name\>.git
  exit 1
fi
#
#
if test -d $GIT_HOME/$NEW_REPO 
then
echo >&2 Can not overwrite or reset existing repository.
exit 1
fi
cd $GIT_HOME
exec git --bare init $NEW_REPO

EOF
  1. Change the user and permission on all the scripts in git-shell-commands directory to be owned by gituser and have read and execute permission only.
chown gituser ~gituser/git-shell-commands/no-interactive-login
chown gituser ~gituser/git-shell-commands/help
chown gituser ~gituser/git-shell-commands/git-create-repository
chmod 500 ~gituser/git-shell-commands/no-interactive-login
chmod 500 ~gituser/git-shell-commands/help
chmod 500 ~gituser/git-shell-commands/git-create-repository
  1. check everything is okay in ~gituser.

bash-4.3# pwd
/var/services/homes/gituser
bash-4.3# ls -la git-shell-commands/
total 12
dr-xr-x--- 1 gituser users 90 Apr 4 01:07 .
drwxr-xr-x 1 gituser users 86 Apr 3 21:39 ..
-r-x------ 1 gituser users 835 Apr 3 23:04 git-create-repository
-r-x------ 1 gituser users 304 Apr 4 01:07 help
-r-x------ 1 gituser users 143 Apr 3 19:36 no-interactive-login
bash-4.3#

  1. check the /volume1/git is ready. I have recycle bin on but #recycle may not exist in your directory

bash-4.3# ls -la /volume1/git
total 0
drwx------+ 1 gituser root 138 Apr 3 22:03 .
drwxr-xr-x 1 root root 664 Apr 3 04:32 ..
drwxrwxrwx+ 1 root root 8 Apr 3 04:33 @eadir
drwxrwxrwx+ 1 root root 22 Apr 3 04:33 #recycle
bash-4.3#

  1. Go back to your development host and check that things are operating correctly using the help command. I am using diskstation.local as the Synology host name. ssh -l gituser diskstation.local help

bash-4.3# ssh -l gituser diskstation.local help
Use ssh and command git-create-repository to create a new git repository on the Synology
The git repository will be placed in the git area and must use a name formatted as .git
The repository will be initialised and can then be used to push or pull data.
bash-4.3#

  1. Create a new git repository using git-create-repository.

Example is ssh -l gituser diskstation.local help "git-create-repository SynologyGitUsability.git"

bash-4.3# ssh -l gituser diskstation.local help "git-create-repository SynologyGitUsability.git"
Initialized empty Git repository in /volume1/git/SynologyGitUsability.git/
bash-4.3#

  1. Mirror an existing git repository into SynologyGitUsability.git. Use git push --mirror to populate. An example would be git push --mirror ssh://gituser@diskstation.local/volume1/git/SynologyGitUsability.git/

Remember to be in a directory containing a local git repository

bash-4.3# git push --mirror ssh://gituser@diskstation.local/volume1/git/SynologyGitUsability.git/
Counting objects: 20, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (20/20), done.
Writing objects: 100% (20/20), 3.65 KiB | 622.00 KiB/s, done.
Total 20 (delta 3), reused 0 (delta 0)
To ssh://diskstation.local/volume1/git/SynologyGitUsability.git/

  • [new branch] master -> master
    bash-4.3#
  1. recheck the git repositories in /volume1/git

bash-4.3# ls -la /volume1/git
total 0
drwx------+ 1 gituser root 186 Apr 4 02:08 .
drwxr-xr-x 1 root root 664 Apr 3 04:32 ..
drwxrwxrwx+ 1 root root 8 Apr 3 04:33 @eadir
drwxrwxrwx+ 1 root root 22 Apr 3 04:33 #recycle
drwx------+ 1 gituser users 98 Apr 4 02:08 SynologyGitUsability.git
bash-4.3#

  1. You can confirm data is being stored using disk usage on the directory /volume1/git. I added an Empty.git so you can see one without data

bash-4.3# du -sk /volume1/git/*
4 /volume1/git/#recycle
0 /volume1/git/@eadir
64 /volume1/Git/Empty.git
148 /volume1/Git/SynologyGitUsability.git
bash-4.3#

  1. Exit the admin account and you can lock it again if desired. Critical activities can now be managed remotely.

This is the end. So far...

I will be loading all this code onto Github and sharing code and details. Look at SynologyGitUsability in @dmurphyoz

@mahoromax

This comment has been minimized.

Copy link

mahoromax commented Apr 24, 2019

I am getting permission denied when I try to access with the gituser via ssh

via the Github for Windows bash, trying to clone the repo:
"Permission denied, please try again.
fatal: Could not read from remote repository."
Also tried to apply the method of dmurphyoz
But I'm also getting Permission denied after entering the password.

The git folder and all files withing have ownership of gituser:users

I get the feeling the SSH access isnt linked to the user on the nas ??

With my older users I can access the nas via SSH without any problems (same password)

@dmurphyoz

This comment has been minimized.

Copy link

dmurphyoz commented Apr 29, 2019

@mahoromax the most likely cause of issues with your gituser is the permissions. Check the following permission.

  1. gituser home directory (~gituser/. in bash) should be owned by gituser and have 711 permission rwx--x--x
  2. gituser .ssh directory in their home directory (~gituser/.ssh/. owned by gituser and 711 permissions rwx--x--x)
  3. the ssh authorized keys file in the .ssh directory (~gituser/.ssh/authorized_keys owned by gituser with 600 permissions rw-------).

For the git access check that the permissions on the git repository, the git directory and that git has been initialized.

  1. Check the permissions on the git directory and the git repository you are trying to access
    ls -la /volume1/git/.

The dot directory . should have the following permissions

drwx------+ 1 gituser root 186 Apr 4 02:08 .

The repository directory should have the following permissions

drwx------+ 1 gituser users 98 Apr 4 02:08 SynologyGitUsability.git

  1. Ensure git is pointing to the correct directory for git services

My example git repository is called SynologyGitUsability.git

cd SynologyGitUsability.git
git update-server-info

**If you don't yet have a git repository **

The following command sequence is the easiest to create one for testing. You will need to complete step two to update-server-info after creating the first git repository.

You need root or admin access.

  1. Sudo to gituser
    sudo -u gituser bash
  2. Change directory to git directory
    cd /volume1/git
  3. Create an empty git repository In this example I am calling it TestRepository. This would be the name it accessed as remotely

git --bare init TestRepository.git

Finally remember when adding the repository into windows, linux or OS X git tools you must use the full name TestRepository.git.

Tell if this helps or provide more details on what is going wrong. Good luck!

@mahoromax

This comment has been minimized.

Copy link

mahoromax commented May 6, 2019

Thank you for the detailed answer.
I double checked all the mentioned permissions (they were usually a bit higher, but I adjusted them to 700/600 to be sure)

Still cant access SSH via gituser
(Hi gituser! You have successfully authenticated, but there is NO interactive shell access. )
I try this via an SSH client (mobaxterm)
Nor clone the bare repo. (GIT for windows)
When I connect it also doesn't accept the SSH key, I get asked for password every time.
"Permission denied, please try again. fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists."
$ git clone ssh://gituser@192.168.2.100/volume2/git/nasgit.git
tried different paths without volume2/git and so on... always the same...

I found a note saying that SSH is only enabled for administrators users, where I enable SSH in the synology options.
Could that be related?

@dmurphyoz

This comment has been minimized.

Copy link

dmurphyoz commented May 23, 2019

The "NO interactive users" comes from the file ~gituser/git-shell-commands/no-interactive-login

This file is sourced by git-shell which is the assigned shell for gituser once it is associated with GIT.

You can remove this file

rm ~gituser/git-shell-commands/no-interactive-login

OR rename it

mv ~gituser/git-shell-commands/no-interactive-login ~gituser/git-shell-commands/no-interactive-login.HOLD

Remember to move it back or recreate once you are done.

I would login and check if you can initialise a repository using the commands

You need root or admin access.

Sudo to gituser
sudo -u gituser bash

Change directory to git directory
cd /volume1/git

Create an empty git repository In this example I am calling it TestRepository. This would be the name it accessed as remotely
git --bare init TestRepository.git

Finally remember when adding the repository into windows, linux or OS X git tools you must use the full name TestRepository.git.

Trouble shooting the requirement for password

First check what it is doing using the ssh client in verbose mode.

ssh -vvv gituser@192.168.2.100

You are looking for information on matching keys etc.

Be aware that it could be rejected because .ssh/authorized_keys does not exist or permissions are incorrect on the file or the .ssh directory on the Synology. You also need to be aware of name or IP address mismatches between files. If your id_rsa.pub file has an old hostname or IP address in it then this will not match.

The ssh client will require a password if you have created a password on your private key file on your local machine. It is difficult to remove this and not break other things, so i would recommend you creating another one.

ssh-keygen -t rsa -f gituser_rsa

Generating an ssh key on a mac os x

You will then need to append the gituser_rsa.pub file onto the .ssh/authorized_keys file.

Hope these things help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.