commit fcb212f74153ddbf205115698084b40c9dc1e772
parent d889bc02f8a893a6846a60e9f9f6e04a6f30bee6
Author: Akuario <jkarlos.b@gmail.com>
Date: Thu, 28 Jul 2016 12:05:26 +0200
Added restricted Git access with git-shell-commands
Diffstat:
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
@@ -22,6 +22,13 @@ RUN mkdir /git-server/keys \
&& echo git:12345 | chpasswd \
&& mkdir /home/git/.ssh
+# This is a login shell for SSH accounts to provide restricted Git access.
+# It permits execution only of server-side Git commands implementing the
+# pull/push functionality, plus custom commands present in a subdirectory
+# named git-shell-commands in the user’s home directory.
+# More info: https://git-scm.com/docs/git-shell
+COPY git-shell-commands /home/git/git-shell-commands
+
# En sshd_config habilitamos acceso por key y deshabilitamos por password
COPY sshd_config /etc/ssh/sshd_config
COPY start.sh start.sh
diff --git a/README.md b/README.md
@@ -9,7 +9,12 @@ How to run the container in port 2222 with two volumes, keys volume for public k
How check that container works (you must to have a key):
- $ ssh git@<ip-docker-server> -p 2222 -v
+ $ ssh git@<ip-docker-server> -p 2222
+ ...
+ Welcome to jkarlos/git-server-docker!
+ You've successfully authenticated, but I do not
+ provide interactive shell access.
+ ...
How clone a repository:
diff --git a/git-shell-commands/no-interactive-login b/git-shell-commands/no-interactive-login
@@ -0,0 +1,5 @@
+#!/bin/sh
+printf '%s\n' "Welcome to jkarlos/git-server-docker!"
+printf '%s\n' "You've successfully authenticated, but I do not"
+printf '%s\n' "provide interactive shell access."
+exit 128
