diff options
Diffstat (limited to 'readme.rst')
| -rw-r--r-- | readme.rst | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/readme.rst b/readme.rst new file mode 100644 index 0000000..f0dd8b5 --- /dev/null +++ b/readme.rst @@ -0,0 +1,80 @@ +Description +=========== + +This repository is a quick setup to allow readonly and readwrite access for +git-only through ssh. It is simple but should be secure. You can review the +script for security as it is really short. + + +sudo adduser --home /home/git --no-create-home --shell /bin/sh --gecos 'git version control' --disabled-password git +sudo mkdir /home/git +sudo chown git:git /home/git +sudo chmod 2770 /home/git +sudo cp path/gitcmd /home/git/ +sudo gpasswd -a calendros git + +in /etc/ssh/sshd_config: + +Match User git + X11Forwarding no + AllowTcpForwarding no + AllowAgentForwarding no + PermitTunnel no + GatewayPorts no + PermitTTY no + Banner "Only git access allowed" + AuthorizedKeysFile /etc/ssh/git_keys + +in /etc/ssh/git_keys + +# usage: restrict,command="./gitcmd username" key +# then create a ~git/username.listro for authorized repositories + +username.listro with username replaced with the username given at the gitcmd +argument at the front of the ssh key contains a list of repositories +directory for read-only access. username.listrw contains a list of read-write +access. + +git directories are created with git init --bare <reponame> + +Example of directory structure: + +in /home/git: + +$ tree --dirsfirst -L 2 +. +├── <reponame> +│ ├── branches +│ ├── hooks +│ ├── info +│ ├── objects +│ ├── refs +│ ├── HEAD +│ ├── config +│ └── description +├── <username>.listrw +├── <username>.listro +├── create-repo +└── gitcmd + +6 directories, 8 files + +License +======= + +Unless specified otherwise, this project is licensed under the terms of the +MIT license. You should have received a copy of the MIT License along with +this program. If not, see <https://opensource.org/licenses/MIT>. + +SPDX-License-Identifier: MIT + +Copyright © 2016 vg <vg@devys.org> + +Contact +======= + +developer + vg + +mail + vg@devys.org |