Git over ssh: restrict user to git pull/push access only








git-shell is a restricted login shell for GIT-only SSH access

By changing the login shell to git-shell the ssh user can only access git push/pull:
sudo chsh -s /usr/bin/git-shell gituser
When the user login to server via ssh:
ssh gituser@server

the follow error may occur:
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.ssh gituser@server
To fix it, run the following commands on the server(Ubuntu 11.10) as root:
sudo mkdir /home/gituser/git-shell-commands
sudo cp /usr/share/doc/git/contrib/git-shell-commands/list /home/gituser/git-shell-commands/
sudo cp /usr/share/doc/git/contrib/git-shell-commands/help /home/gituser/git-shell-commands/
sudo chown -R gituser /home/gituser/git-shell-commands

See Also:








1 comment:

  1. Useful post, thanks.

    You might want to add that (Ubuntu 12.04.2 LTS at least) it is also necessary to:

    chmod -R u+x ./git-shell-commands

    The list and help files aren't executable in /usr/share/doc.... this will throw an error unless you set them so.

    ReplyDelete