I was wanting to use an existing account to provide access to Git repos via
SSH. The account was already used to provide Subversion access, so the
~/.ssh/authorized_keys already had a number of entries with :
command="svnserve -t -R -r /path/to/svnrepo",from=...
So I thought I would use
git-shell to provide restricted access to Git
repositories. After a little trial and error (which I probably could have
avoided if I had thought more carefully about what I was doing), I came up with
command="/usr/bin/git-shell -c \"$SSH_ORIGINAL_COMMAND\"",from=...
command=".." like this is present, the client command is ignored and
the configured command is run, with the original client command being provided
through the environment variable
That seems to work, although it does not restrict access to any particular repository. For that, I will probably have to look in to gitosis or gitolite.
Posted: 28 Oct 2012