I setup a git server over ssh as
http://blog.commonthread.com/post/1034988660/setting-up-a-git-server
However, I am still able to access the server by ssh and see all the folders on the server. How do you usually secure the server so that the git user cannot get out of the home directory and possibly do damage? I read some things about chroot or jail. Or setting the permissions of the home directory to 700. I would like to know the easiest way to achieve some security and the details on how to do it. This is on a Centos Linux server.
Is there a way to deny command line access while still allowing the user to push/pull from git?
You should set the user's shell to git-shell
. From the docs (indeed, almost the entire man page):
This is meant to be used as a login shell for SSH accounts you want to restrict to GIT pull/push access only. It permits execution only of server-side GIT commands implementing the pull/push functionality. The commands can be executed only by the -c option; the shell is not interactive.
(Rup, in the comments, if you'd just googled git shell...)
An alternative would be to use gitolite or gitosis, both of which manage this for you and are pretty easy to configure.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With