
Description

This repository is a quick setup that allows read-only and read-write access over SSH, restricted to git only. It is simple but should be secure. The script is really short, so you can review it for security yourself.

    sudo adduser --home /home/git --no-create-home --shell /bin/sh --gecos 'git version control' --disabled-password git
    sudo mkdir /home/git
    sudo chown git:git /home/git
    sudo chmod 2770 /home/git
    sudo cp path/gitcmd /home/git/
    sudo gpasswd -a calendros git

in /etc/ssh/sshd_config:

    Match User git
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        PermitTunnel no
        GatewayPorts no
        PermitTTY no
        Banner "Only git access allowed"
        AuthorizedKeysFile /etc/ssh/git_keys

in /etc/ssh/git_keys:

    # usage: restrict,command="./gitcmd username" key
    # then create a ~git/username.listro for authorized repositories

username.listro, where username is the name passed as the gitcmd argument in the command option in front of the SSH key, contains the list of repository directories that user may access read-only. username.listrw contains the list of repositories the user may access read-write.
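The gitcmd script itself is not reproduced on this page. As an added illustration (not the project's gitcmd), the sketch below shows the decision a forced command of this kind has to make from the requested command and the two list files. It assumes one repository directory name per line in each list file and that read-write access implies read; the function names listed and check_access are hypothetical.

```shell
#!/bin/sh
# Added illustration, NOT the project's gitcmd. Assumptions: list files hold
# one repository directory name per line; read-write access implies read.

# listed FILE REPO: true only if REPO is an exact whole-line entry in FILE.
listed() {
    [ -f "$1" ] && grep -Fxq -- "$2" "$1"
}

# check_access USER ORIGINAL_COMMAND LISTDIR (hypothetical helper)
# Prints "<service> <repo>" and returns 0 if allowed; returns 1 otherwise.
check_access() {
    user=$1 cmd=$2 dir=$3
    service=${cmd%% *}            # text before the first space
    arg=${cmd#* }                 # text after the first space
    [ "$service" != "$cmd" ] || return 1    # empty command or no argument
    # git clients wrap the path in single quotes; strip exactly one pair.
    case $arg in
        \'*\') arg=${arg#\'}; arg=${arg%\'} ;;
    esac
    # Plain names only: rejects "../x", absolute paths, "-option", spaces.
    case $arg in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    case $service in
        git-upload-pack|git-upload-archive)     # fetch/clone/archive: read
            listed "$dir/$user.listro" "$arg" ||
            listed "$dir/$user.listrw" "$arg" || return 1 ;;
        git-receive-pack)                       # push: write
            listed "$dir/$user.listrw" "$arg" || return 1 ;;
        *) return 1 ;;                          # anything else is not git
    esac
    printf '%s %s\n' "$service" "$arg"
}

# Constructed demo data: alice may read "docs" and push to "app".
demo=$(mktemp -d)
echo docs > "$demo/alice.listro"
echo app > "$demo/alice.listrw"
for c in "git-upload-pack 'docs'" "git-receive-pack 'docs'" \
         "git-receive-pack 'app'" "git-upload-pack '../app'" "ls /"; do
    if check_access alice "$c" "$demo" >/dev/null
    then echo "allow: $c"; else echo "deny:  $c"; fi
done
rm -rf "$demo"
```

In a forced command, the second argument would be the value of SSH_ORIGINAL_COMMAND set by sshd, and the git service would be run only when the check succeeds.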

Git repositories are created with:

    git init --bare <reponame>

Example of directory structure:

in /home/git:

    $ tree --dirsfirst -L 2
    .
    ├── <reponame>
    │   ├── branches
    │   ├── hooks
    │   ├── info
    │   ├── objects
    │   ├── refs
    │   ├── HEAD
    │   ├── config
    │   └── description
    ├── <username>.listrw
    ├── <username>.listro
    ├── create-repo
    └── gitcmd

    6 directories, 8 files

License

Unless specified otherwise, this project is licensed under the terms of the MIT license. You should have received a copy of the MIT License along with this program. If not, see <https://opensource.org/licenses/MIT>.

SPDX-License-Identifier: MIT

Copyright © 2016 vg <vg@devys.org>

Contact

developer: vg
mail: vg@devys.org