[Fusionforge-general] Restricting ssh shell access for git

Olivier Berger olivier.berger at it-sudparis.eu
Fri May 25 14:57:55 CEST 2012


Hi.

I've installed a 5.1.1-6 Debian package, and we probably will only use
Git for this forge.

I'd like to restrict the use of ssh only to execution of git-related
commands, and not full shell access (not even chrooted ! see
http://bugs.debian.org/674559).

AFAICT, the default login shell ('shell' column's default value in the
'users' table) is /bin/bash.

As such, it opens full ssh access to the forge for its users, and that's not
what I want for a public forge.

My thinking is that this could probably be set to /usr/bin/git-shell by
default, and I could then make sure some cron updates the user's
"$HOME/git-shell-commands" (man git-shell).

Would you have any other ideas/recommendations on how to achieve this
(in particular about the cron update) ?

Thanks in advance.

Best regards
-- 
Olivier BERGER 
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)




More information about the Fusionforge-general mailing list