[Fusionforge-general] Restricting ssh shell access for git
Roland Mas
lolando at debian.org
Fri May 25 15:44:11 CEST 2012
Olivier Berger, 2012-05-25 14:57:55 +0200 :
> Hi.
>
> I've installed a 5.1.1-6 Debian package, and we probably will only use
> Git for this forge.
>
> I'd like to restrict the use of ssh only to execution of git-related
> commands, and not full shell access (not even chrooted! see
> http://bugs.debian.org/674559).
>
> AFAICT, the default login shell ('shell' column's default value in the
> 'users' table) is /bin/bash.
>
> As such, it opens full ssh access to the forge for its users, and that's not
> what I want for a public forge.
>
> My thinking is that this could probably be set to /usr/bin/git-shell by
> default, and I could then make sure some cron updates the user's
> "$HOME/git-shell-commands" (man git-shell).
>
> Would you have any other ideas/recommendations on how to achieve this
> (in particular about the cron update)?

There's also something called rush (restricted user shell) that can be
configured with a config file, which you may want to investigate.

Roland.
--
Roland Mas
If you spit in the air, it lands in your face.
-- Tevye, in Fiddler on the roof
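
The cron update discussed in this thread, sketched as an added example that is not part of the original messages or of FusionForge: it keeps `git-shell-commands` limited to the `no-interactive-login` hook described in git-shell(1) and lists accounts that still have a full shell. It assumes the forge accounts are visible in passwd(5) format (for instance via `getent passwd`); the function names, user names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: input is passwd(5)-format text; all sample data is constructed.
GIT_SHELL=/usr/bin/git-shell

# Print login names whose home starts with prefix $2 but whose shell
# is not git-shell, i.e. accounts that still get a full ssh shell.
audit_shells() {   # $1 = passwd-format file, $2 = home prefix of forge users
    awk -F: -v gs="$GIT_SHELL" -v pre="$2" \
        'index($6, pre) == 1 && $7 != gs { print $1 }' "$1"
}

# For every git-shell account, make ~/git-shell-commands contain only a
# no-interactive-login hook: plain "ssh host" is refused with a message,
# while git fetch/push over ssh keeps working.
sync_git_shell_commands() {   # $1 = passwd-format file; meant to run from cron
    awk -F: -v gs="$GIT_SHELL" '$7 == gs { print $6 }' "$1" |
    while IFS= read -r home; do
        [ -d "$home" ] || continue
        dir="$home/git-shell-commands"
        mkdir -p "$dir"
        # Drop any other command that has appeared in the directory.
        find "$dir" -mindepth 1 -maxdepth 1 ! -name no-interactive-login \
            -exec rm -rf {} +
        printf '%s\n' '#!/bin/sh' \
            'echo "Interactive shell access is disabled; use git over ssh."' \
            'exit 128' > "$dir/no-interactive-login"
        chmod 755 "$dir/no-interactive-login"
        # When run as root, hand the directory to root so users cannot edit it.
        [ "$(id -u)" -ne 0 ] || chown -R root:root "$dir"
    done
}

# Demo on constructed accounts in a throwaway directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/alice" "$tmp/home/bob"
    printf '%s\n' \
        "alice:x:20001:20001::$tmp/home/alice:/usr/bin/git-shell" \
        "bob:x:20002:20002::$tmp/home/bob:/bin/bash" \
        "root:x:0:0:root:/root:/bin/bash" > "$tmp/passwd"
    sync_git_shell_commands "$tmp/passwd"
    echo "accounts with a full shell: $(audit_shells "$tmp/passwd" "$tmp/home/")"
}
demo
```
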