
ssh is too “powerful” for a remote git repository? how to setup permission?

I created an ssh server on my SUSE box. Basically I just want it to serve as a git server using ssh, but when I log in with ssh name@server I can look at my home/repo directory, which is normal, but I can even check the files of other users such as home/steve, which I don't want. How do I set up the user repo to only have access to the git directory, say home/repo/repository.git, or just files from /home/repo?

I've disabled "Permit Root Login" in the Yast2-sshd configuration tool (basically just a tool to edit /etc/sshd/sshd_config), but it seems that's not enough.

If you set the user's shell to be git-shell, they can do nothing but run git commands.

If you don't need fine-grained permissions, then you don't need gitolite or similar.

ssh is too powerful in that it allows for an interactive session.
As giZm0 mentions, gitolite is an authorization layer that can leverage the authentication provided by ssh and allows for a fine-grained level of access control over your repositories.
It is just a Perl script, which can set itself in the ~/.ssh/authorized_keys file in order to intercept any git command and validate it against a simple text config file.
This takes advantage of an ssh feature (nothing to do with git), called forced command.

Note: gitolite can also be linked with an httpd server: see "Why do you need Gitosis or Gitolite?" or "git on HTTP with gitolite and nginx" for more.
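
The forced-command mechanism described above, as an added example that is not part of the original answers and is not gitolite's code: a small wrapper that sshd runs instead of whatever the client requested, letting through only git's transfer commands on a repository directly under /home/repo. The script path, the `--forced` argument, the key in the comment and `REPO_ROOT` are assumptions.

```shell
#!/bin/sh
# Added example: minimal forced-command wrapper (NOT gitolite's code).
# Assumed ~/.ssh/authorized_keys entry for the "repo" account (one line;
# script path and key are placeholders):
#   command="/usr/local/bin/git-only.sh --forced",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...placeholder steve@laptop
REPO_ROOT="${REPO_ROOT:-/home/repo}"   # assumption: layout from the question

# allowed_git_command CMD
# Succeeds and prints "<verb> <repo>" only if CMD is one of the commands a
# git client sends over ssh, aimed at a single quoted *.git directory name.
allowed_git_command() {
    cmd=$1
    verb=${cmd%% *}
    case "$verb" in
        git-upload-pack|git-receive-pack|git-upload-archive) ;;
        *) return 1 ;;                   # anything else: cat, ls, sh, scp ...
    esac
    [ "$verb" != "$cmd" ] || return 1    # verb with no argument
    arg=${cmd#* }
    case "$arg" in                       # clients send: verb 'repository.git'
        \'*\') arg=${arg#\'}; arg=${arg%\'} ;;
        *) return 1 ;;
    esac
    arg=${arg#/}                         # ssh://host/repo.git sends '/repo.git'
    case "$arg" in
        ''|[.-]*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;  # no traversal, no metachars
        *.git) ;;
        *) return 1 ;;
    esac
    printf '%s %s\n' "$verb" "$arg"
}

# Entry point: sshd puts the client's request in SSH_ORIGINAL_COMMAND.
# It is empty for an interactive login, which is therefore refused too.
if [ "${1:-}" = "--forced" ]; then
    if parsed=$(allowed_git_command "${SSH_ORIGINAL_COMMAND:-}"); then
        set -- $parsed                   # safe to split: charset checked above
        exec git-shell -c "$1 '$REPO_ROOT/$2'"
    fi
    echo "denied: only git fetch/push on repositories in $REPO_ROOT" >&2
    exit 1
fi
```

The account keeps an ordinary login shell so that sshd can start the wrapper; the restriction comes from the `command=` option on the key, not from the shell.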
