Added restricted Git access with git-shell-commands

jkarlosb · Jul 28, 2016 · fcb212f · fcb212f
1 parent d889bc0
commit fcb212f
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -22,6 +22,13 @@ RUN mkdir /git-server/keys \
   && echo git:12345 | chpasswd \
   && mkdir /home/git/.ssh
 
+# This is a login shell for SSH accounts to provide restricted Git access.
+# It permits execution only of server-side Git commands implementing the
+# pull/push functionality, plus custom commands present in a subdirectory
+# named git-shell-commands in the user’s home directory.
+# More info: https://git-scm.com/docs/git-shell
+COPY git-shell-commands /home/git/git-shell-commands
+
 # En sshd_config habilitamos acceso por key y deshabilitamos por password
 COPY sshd_config /etc/ssh/sshd_config
 COPY start.sh start.sh

diff --git a/README.md b/README.md
@@ -9,7 +9,12 @@ How to run the container in port 2222 with two volumes, keys volume for public k
 
 How check that container works (you must to have a key):
 
-	$ ssh git@<ip-docker-server> -p 2222 -v
+	$ ssh git@<ip-docker-server> -p 2222
+	...
+	Welcome to jkarlos/git-server-docker!
+	You've successfully authenticated, but I do not
+	provide interactive shell access.
+	...
 
 How clone a repository:
 

diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login
@@ -0,0 +1,5 @@
+#!/bin/sh
+printf '%s\n' "Welcome to jkarlos/git-server-docker!"
+printf '%s\n' "You've successfully authenticated, but I do not"
+printf '%s\n' "provide interactive shell access."
+exit 128