Diffstat (limited to 'readme.txt')
-rw-r--r-- | readme.txt | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/readme.txt b/readme.txt
new file mode 100644
index 0000000..27039f5
--- /dev/null
+++ b/readme.txt
@@ -0,0 +1,57 @@
+This repository is a quick setup to allow readonly and readwrite access for
+git-only through ssh. It is simple but should be secure. You can review the
+script for security as it is really short.
+
+
+sudo adduser --home /home/git --no-create-home --shell /bin/sh --gecos 'git version control' --disabled-password git
+sudo mkdir /home/git
+sudo chown git:git /home/git
+sudo chmod 2770 /home/git
+sudo cp path/gitcmd /home/git/
+sudo gpasswd -a calendros git
+
+in /etc/ssh/sshd_config:
+
+Match User git
+ X11Forwarding no
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ PermitTunnel no
+ GatewayPorts no
+ PermitTTY no
+ Banner "Only git access allowed"
+ AuthorizedKeysFile /etc/ssh/git_keys
+
+in /etc/ssh/git_keys
+
+# usage: restrict,command="./gitcmd username" key
+# then create a ~git/username.listro for authorized repositories
+
+username.listro with username replaced with the username given at the gitcmd
+argument at the front of the ssh key contains a list of repositories
+directory for read-only access. username.listrw contains a list of read-write
+access.
+
+git directories are created with git init --bare <reponame>
+
+Example of directory structure:
+
+in /home/git:
+
+$ tree --dirsfirst -L 2
+.
+├── <reponame>
+│ ├── branches
+│ ├── hooks
+│ ├── info
+│ ├── objects
+│ ├── refs
+│ ├── HEAD
+│ ├── config
+│ └── description
+├── <username>.listrw
+├── <username>.listro
+├── create-repo
+└── gitcmd
+
+6 directories, 8 files |