Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Securing git server

Tags:

git

shell

ssh

jail

I setup a git server over ssh as

http://blog.commonthread.com/post/1034988660/setting-up-a-git-server

However, I am still able to access the server by ssh and see all the folders on the server. How do you usually secure the server so that the git user cannot get out of the home directory and possibly do damage? I read some things about chroot or jail. Or setting the permissions of the home directory to 700. I would like to know the easiest way to achieve some security and the details on how to do it. This is on a Centos Linux server.

Is there a way to deny command line access while still allowing the user to push/pull from git?

like image 915
jimiyash Avatar asked Dec 09 '22 15:12

jimiyash


2 Answers

You should set the user's shell to git-shell. From the docs (indeed, almost the entire man page):

This is meant to be used as a login shell for SSH accounts you want to restrict to GIT pull/push access only. It permits execution only of server-side GIT commands implementing the pull/push functionality. The commands can be executed only by the -c option; the shell is not interactive.

(Rup, in the comments, if you'd just googled git shell...)

like image 144
Cascabel Avatar answered Dec 22 '22 18:12

Cascabel


An alternative would be to use gitolite or gitosis, both of which manage this for you and are pretty easy to configure.

like image 40
ebneter Avatar answered Dec 22 '22 19:12

ebneter