shell

Git shell for sbi.re
Log | Files | Refs | README

README.md (1716B)


1Custom git shell for [sbi.re].
2Useful for handling user auth and repository permissions.
3There's also an optional post-update hook so that public repositories 
4are exported to some directory using [stagit].
5
6[sbi.re]: https://sbi.re
7[stagit]: https://codemadness.org/stagit.html
8
9## Setup
10
11Put `shell.py` and `policy.py` in `/var/lib/git/`
12which should be the home of system user `git`.
13Put the SSH public keys of some users in `/var/lib/git/`,
14so that people can connect at first. 
15
16    users
17    ├── bob
18    │   ├── laptop.pub
19    │   └── workstation.pub
20    └── alice
21        └── laptop.pub
22
23Note that usernames do not have to correspond to machine users,
24they are only used for auth handling and git permissions.
25
26To allow all these users to connect as the git user, move `auth.sh` to
27`/etc/ssh/` (or any directory owned by `root`, really), and add the following
28rules at the end of `/etc/ssh/sshd_config`:
29
30    Match User git
31      AuthorizedKeysFile none
32      AuthorizedKeysCommand /etc/ssh/auth.sh
33      AuthorizedKeysCommandUser git
34
35This script will lookup keys in `/var/lib/git/users/` to authenticate users.
36
37## Commands
38
39SSH-ing as git user will drop you into a custom shell:
40
41    $ ssh git@sbi.re
42
43You can also run one-off commands directly:
44
45    $ ssh git@sbi.re cmd
46
47### Change description of repository
48
49Provided you have access to `myrepo`, you can read and set its description with
50the following command:
51
52    $ ssh git@sbi.re desc myrepo
53    $ ssh git@sbi.re desc myrepo "A new description for the repo"
54
55### Managing SSH keys
56
57    $ ssh git@sbi.re keys
58    $ cat ~/.ssh/mykey.pub > ssh git@sbi.re keys add mykey
59    $ ssh git@sbi.re keys remove myoldkey
60