I create a ssh server on my suse box,basically I just want it to serve as a git server using ssh, but when I login with ssh name@server I can look at my home/repo directory, that’s normal, but I can even check the file from other user such as home/steve which I don’t want it to, How to setup the user repo to only have access to git directory? say home/repo/repository.git ? or just files from /home/repo ?
I’ve disabled the “permit Root Login” from Yast2-sshd configuration tool (basically just a tool to edit /etc/sshd/sshd_config )”,but it seems that’s not enough.
ssh is too powerful in that it allows for an interactive session.
A giZm0 mentions, gitolite is an authorization layer that can leverage the authentication provided by ssh and allows for a fine-grained level of access control over your repositories.
It is just a perl script, which can set itself in the
~/.ssh/authorized_keysfile in order to intercept any git command, and validate them against a simple text config file.This takes advantage of an ssh feature (nothing to do with git), called forced command.
Note: gitolite can also be linked with an httpd server: see “Why do you need Gitosis or Gitolite?” or “git on HTTP with gitolite and nginx” for more.