#ssh #authz #git #authorization

app git-shell-enforce-directory

Restrict git-shell into a directory

2 stable releases

Uses old Rust 2015

1.0.1 Jun 14, 2022
1.0.0 Mar 29, 2018

#6 in #authz

21 downloads per month

ISC license

6KB
124 lines

Restrict an ssh-key via force-command to a specific git repository.

Inspired by http://eagain.net/blog/2007/03/22/howto-host-git.html

Usage

  1. Install
$ cargo install git-shell-enforce-directory
  1. Modify and run:
$ cat >> ~/.ssh/authorized_keys <<EOF
command="$HOME/.cargo/bin/git-shell-enforce-directory $PATH_TO_GIT_REPO",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-[...] AAAA[...]
EOF

TODO

  • Use logging
    • -v enables debug level
    • Create fatal! macro which does error! and then exits
  • Add --read-only flag
  • Add tests
  • Fix the more Cargo.toml metadata documentation path e.g.

Dependencies

~4–12MB
~123K SLoC