Skip to content

Clone it to home directory of a Git Shell account to enable SSH commands

License

Notifications You must be signed in to change notification settings

git-utilities/git-shell-commands

Repository files navigation

Git Shell Commands

git-shell-commands, contains a collection of scripts for Git Shell accounts. The following covers how to install this branch within a git-shell restricted account.

Repository Size Open Issues Open Pull Requests Latest commits


Table of Contents


Quick Start

Bash Variables

_git_user='git-user'
_git_group='devs'
_git_home_base='/srv'
_ssh_pub_key_path='/home/admin/client-keys/git-user/id_rsa.pub'
_git_https_url='https://github.com/git-utilities/git-shell-commands.git'

Add Git shell

tee -a /etc/shells 1>/dev/null <<<"$(which git-shell)"

Add Git user

adduser\
 --system\
 --disabled-password\
 --gecos ''\
 --shell "$(which git-shell)"\
 --home "${_git_home_base,,}/${_git_user,,}"\
 --ingroup "${_git_group}"\
 "${_git_user}"

Clone to Git user's home directory

sudo su --login "${_git_user}" --shell /bin/bash <<EOF
git clone --recurse-submodules "${_git_https_url}"
EOF

Add SSH public key

sudo su --login "${_git_user}" --shell /bin/bash <<EOF
mkdir .ssh
tee -a .ssh/authorized_keys 1>/dev/null <<<"$(<"${_ssh_pub_key_path}")"
chmod 600 .ssh/authorized_keys
EOF

Set executable permissions

sudo su --login "${_git_user}" --shell /bin/bash <<'EOF'
while IFS= read -r -d '' _path; do
  _file_type="$(file --brief --mime-type "${_path}")"
  if [[ "${_file_type}" == 'text/x-shellscript' ]]; then
    chmod --verbose u+x "${_path}"
  fi
done < <(find 'git-shell-commands/' -type f -not -path '*.*' -print0)
EOF

Notes

To disable push and pull remove the Git tracking files and directories

sudo su --login "${_git_user}" --shell /bin/bash <<'EOF'
find "./git-shell-commands" -type d -name '.git' -exec bash -c 'rm -r "$0"' {}
find "./git-shell-commands" -type f -name '.git' -exec bash -c 'rm "$0"' {}
find "./git-shell-commands" -type f -name '.gitmodules' -exec bash -c 'rm "$0"' {}
EOF

To disable interactive logins

sudo su --login "${_git_user}" --shell /bin/bash <<EOC
tee 'git-shell-commands/no-interactive-login' 1>/dev/null <<'EOF'
#!/usr/bin/env bash
printf 'Hi %s, you have successfully authenticated!\n' "${USER}"
printf 'However, there is not an interactive shell here.\n'
exit 128
EOF

chmod u+x 'git-shell-commands/no-interactive-login'
EOC

To list scripts available to Git user

ssh "${_git_user}"@localhost -i "${_ssh_pub_key_path}" list --help

Example client ~/.ssh/config SSH configurations such as the following may be useful in making SSH/Git commands more terse

Host git-user
   IdentitiesOnly yes
   IdentityFile ~/.ssh/id_rsa
   HostName 192.168.0.2
   User git-user

Each script should have documentation on arguments and usage accessible via --help or -h options

ssh git-user git-init --help

Pull Requests are welcomed! Check the Community section for development tips and code of conduct relevant updates.


License

Git Shell Commands submodule quick start documentation
Copyright (C) 2019  S0AndS0

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation; version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.

About

Clone it to home directory of a Git Shell account to enable SSH commands

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages