From fcb212f74153ddbf205115698084b40c9dc1e772 Mon Sep 17 00:00:00 2001
From: Akuario
Date: Thu, 28 Jul 2016 12:05:26 +0200
Subject: [PATCH] Added restricted Git access with git-shell-commands
---
 Dockerfile | 7 +++++++
 README.md | 7 ++++++-
 git-shell-commands/no-interactive-login | 5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100755 git-shell-commands/no-interactive-login
diff --git a/Dockerfile b/Dockerfile
index 3144e94..e34d715 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,13 @@ RUN mkdir /git-server/keys \
 && echo git:12345 | chpasswd \
 && mkdir /home/git/.ssh

+# This is a login shell for SSH accounts to provide restricted Git access.
+# It permits execution only of server-side Git commands implementing the
+# pull/push functionality, plus custom commands present in a subdirectory
+# named git-shell-commands in the user’s home directory.
+# More info: https://git-scm.com/docs/git-shell
+COPY git-shell-commands /home/git/git-shell-commands
+
 # En sshd_config habilitamos acceso por key y deshabilitamos por password
 COPY sshd_config /etc/ssh/sshd_config
 COPY start.sh start.sh
diff --git a/README.md b/README.md
index a07bbb9..20f7175 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,12 @@ How to run the container in port 2222 with two volumes, keys volume for public k

 How check that container works (you must to have a key):

- $ ssh git@ -p 2222 -v
+ $ ssh git@ -p 2222
+ ...
+ Welcome to jkarlos/git-server-docker!
+ You've successfully authenticated, but I do not
+ provide interactive shell access.
+ ...

 How clone a repository:

diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login
new file mode 100755
index 0000000..f042346
--- /dev/null
+++ b/git-shell-commands/no-interactive-login
@@ -0,0 +1,5 @@
+#!/bin/sh
+printf '%s\n' "Welcome to jkarlos/git-server-docker!"
+printf '%s\n' "You've successfully authenticated, but I do not"
+printf '%s\n' "provide interactive shell access."
+exit 128
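Review bot: The added comment describes git-shell as the login shell, but nothing in this hunk makes it one: the new line only copies `git-shell-commands` into `/home/git`. Unless the user-creation step outside the hunk already gives the `git` account git-shell as its shell, the directory is inert and key holders still get an ordinary shell; it is worth confirming that step and saying so in the comment, e.g. `# Only effective because the git user's login shell is git-shell (set where the user is created).` git-shell also does not limit SSH-level features such as port forwarding, so the copied `sshd_config` (not visible here) should carry `AllowTcpForwarding no` if forwarding is not needed. The RUN instruction in the context lines starts above the hunk.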
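Review bot: The new `no-interactive-login` script has no comment saying that its file name is what git-shell looks for, so a later rename or removal would silently change behaviour. With the `git-shell-commands` directory present and this file absent, git-shell offers an interactive prompt for the commands in that directory instead of refusing the login. A header under the shebang would record that, e.g. `# Run by git-shell when an interactive login is attempted; the file name is fixed by git-shell, do not rename.` The script relies on its executable bit (mode 100755 in this patch) surviving the image build, which is worth checking in the built image.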