Let's assume that you want to put your repositories in the directory `/data/repositories`.
- Create a `gituser` group
# addgroup --system gituser
Adding group `gituser' (GID 101) ...
Done.
- Create a `git` system user.
# adduser --system \
--shell /usr/bin/git-shell \
--home /data/repositories \
--ingroup gituser \
--disabled-password \
--disabled-login \
git
Adding system user `git' (UID 101) ...
Adding new user `git' (UID 101) with group `gituser' ...
useradd: Warning: missing or non-executable shell '/usr/bin/git-shell'
Creating home directory `/data/repositories' ...
- Add the `git` user to the `adm` group.
# usermod -a -G adm git
- Create the directory `.ssh` in the `git` user home (`/data/repositories`)
# mkdir /data/repositories/.ssh
- Create an `authorized_keys` file in `/data/repositories/.ssh` using the following format:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <ssh_public_key> # <username>
- Create a `.hushlogin` file in `/data/repositories/.ssh`
# touch /data/repositories/.ssh/.hushlogin
- Add the following lines to the SSH server configuration (`sshd_config`):
Match User git
AllowAgentForwarding no
X11Forwarding no
AllowTcpForwarding no
Restart the `ssh` service:
# systemctl restart ssh
You can try to `ssh` onto the server with the `git` user:
$ ssh -T git@<server>
Hi <username>! You've successfully authenticated, but I do not
provide interactive shell access.
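
A check that every key line in `authorized_keys` carries the four restrictions from the format above. This script is an added example, not part of the original guide; the function names and sample keys are constructed for illustration, and it looks only for the four options shown in that format.

```sh
#!/bin/sh
# Added example: audit authorized_keys lines for the restrictions used above.
REQUIRED="no-port-forwarding no-x11-forwarding no-agent-forwarding no-pty"

# Print the lower-cased options field of one line; empty when the line starts
# with the key type. Quoted values (command="a b") are blanked first so that
# spaces or commas inside them cannot be mistaken for separators.
key_options() {
    printf '%s\n' "$1" | sed -e 's/\\"//g' -e 's/"[^"]*"/""/g' |
        awk '{ if ($1 ~ /^(ssh-|ecdsa-|sk-)/) print ""; else print tolower($1) }'
}

# Print the required options that one key line lacks (nothing if compliant).
missing_options() {
    opts=",$(key_options "$1"),"
    missing=""
    for want in $REQUIRED; do
        case "$opts" in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s' "$missing"
}

# Read an authorized_keys file on stdin, report non-compliant key lines,
# and return 1 if any were found.
audit_authorized_keys() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        miss=$(missing_options "$line")
        [ -z "$miss" ] || { echo "line $n: missing $miss"; rc=1; }
    done
    return "$rc"
}

# Constructed sample input: the key material is a placeholder, not a real key.
sample_keys() {
    cat <<'EOF'
# constructed sample
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3placeholder # alice
ssh-ed25519 AAAAC3placeholder # bob
command="echo a,no-pty b",no-pty ssh-rsa AAAAB3placeholder # carol
EOF
}
sample_keys | audit_authorized_keys || echo "authorized_keys needs fixing"
```

To audit the real file, run `audit_authorized_keys < /data/repositories/.ssh/authorized_keys`.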