NAME
git-shell - Restricted login shell for Git-only SSH accessSYNOPSIS
chsh -s $(command -v git-shell) <user> git clone <user>@localhost:/path/to/repo.git ssh <user>@localhost
DESCRIPTION
This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing the pull/push functionality, plus custom commands present in a subdirectory named git-shell-commands in the user’s home directory.COMMANDS
git shell accepts the following commands after the -c option: git receive-pack <argument>, git upload-pack <argument>, git upload-archive <argument>Call the corresponding server-side command to
support the client’s git push, git fetch, or git
archive --remote request.
cvs server
Imitate a CVS server. See
git-cvsserver(1).
INTERACTIVE USE
By default, the commands above can be executed only with the -c option; the shell is not interactive.EXAMPLES
To disable interactive logins, displaying a greeting instead:$ chsh -s /usr/bin/git-shell $ mkdir $HOME/git-shell-commands $ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF #!/bin/sh printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not" printf '%s\n' "provide interactive shell access." exit 128 EOF $ chmod +x $HOME/git-shell-commands/no-interactive-login
$ cat >$HOME/git-shell-commands/cvs <<\EOF if ! test $# = 1 && test "$1" = "server" then echo >&2 "git-cvsserver only handles \"server\"" exit 1 fi exec git cvsserver server EOF $ chmod +x $HOME/git-shell-commands/cvs
SEE ALSO
ssh(1), git-daemon(1), contrib/git-shell-commands/READMEGIT
Part of the git(1) suite02/28/2023 | Git 2.39.2 |