[Fusionforge-general] Restricting ssh shell access for git
Olivier Berger
olivier.berger at it-sudparis.eu
Fri May 25 14:57:55 CEST 2012
Hi.
I've installed a 5.1.1-6 Debian package, and we probably will only use
Git for this forge.
I'd like to restrict the use of ssh only to execution of git-related
commands, and not full shell access (not even chrooted ! see
http://bugs.debian.org/674559).
AFAICT, the default login shell ('shell' column's default value in the
'users' table) is /bin/bash.
As such, it opens full ssh access to the forge for its users, and that's not
what I want for a public forge.
My thinking is that this could probably be set to /usr/bin/git-shell by
default, and I could then make sure some cron updates the user's
"$HOME/git-shell-commands" (man git-shell).
Would you have any other ideas/recommendations on how to achieve this
(in particular about the cron update) ?
Thanks in advance.
Best regards
--
Olivier BERGER
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
More information about the Fusionforge-general
mailing list