1 files changed, 57 insertions, 0 deletions

diff --git a/readme.txt b/readme.txt
new file mode 100644
index 0000000..27039f5
--- /dev/null
+++ b/readme.txt
@@ -0,0 +1,57 @@
+This repository is a quick setup to allow readonly and readwrite access for
+git-only through ssh. It is simple but should be secure. You can review the
+script for security as it is really short.
+
+
+sudo adduser --home /home/git --no-create-home --shell /bin/sh --gecos 'git version control' --disabled-password git
+sudo mkdir /home/git
+sudo chown git:git /home/git
+sudo chmod 2770 /home/git
+sudo cp path/gitcmd /home/git/
+sudo gpasswd -a calendros git
+
+in /etc/ssh/sshd_config:
+
+Match User git
+    X11Forwarding no
+    AllowTcpForwarding no
+    AllowAgentForwarding no
+    PermitTunnel no
+    GatewayPorts no
+    PermitTTY no
+    Banner "Only git access allowed"
+    AuthorizedKeysFile /etc/ssh/git_keys
+
+in /etc/ssh/git_keys
+
+# usage: restrict,command="./gitcmd username" key
+# then create a ~git/username.listro for authorized repositories
+
+username.listro with username replaced with the username given at the gitcmd
+argument at the front of the ssh key contains a list of repositories
+directory for read-only access. username.listrw contains a list of read-write
+access.
+
+git directories are created with git init --bare <reponame>
+
+Example of directory structure:
+
+in /home/git:
+
+$ tree --dirsfirst -L 2
+.
+├── <reponame>
+│   ├── branches
+│   ├── hooks
+│   ├── info
+│   ├── objects
+│   ├── refs
+│   ├── HEAD
+│   ├── config
+│   └── description
+├── <username>.listrw
+├── <username>.listro
+├── create-repo
+└── gitcmd
+
+6 directories, 8 files