How to prevent git user from ssh login?

E

ekaragodin2012-04-01 03:47:25

git

ekaragodin, 2012-04-01 03:47:25

There is OpenSSH, the repository address looks like this [email protected]:/home/git/project.git. Key authorization. How to make it so that they can commit, but not access the server via ssh.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

E

EvilShadow, 2012-04-01
@ekaragodin

Use gitolite, it's made for just such cases.

O

Oreolek, 2012-04-02
@Oreolek

Set as a shell to git-shell users. Allows you to work with git, but firmly prohibits all other operations.

L

laQie, 2012-04-01
@laQie

usermod -s `which nologin` LOGIN

B

Boris Syomov, 2012-04-01
@kotomyava

You can create a group for these users, describe the block in the sshd config for this group:
Match Group gitusers
ForceCommand git_restricted
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
Where git_restricted is a script in your favorite language that will analyze the command that the user tried to run, and which will be in the SSH_ORIGINAL_COMMAND environment variable, and if it is one of the required commands (git-receive-pack, git-upload-pack, git-upload-archive) it will execute it with the required arguments.
If you search, there are ready-made solutions. Although writing something is not a problem.