1GIT-SHELL(1)                      Git Manual                      GIT-SHELL(1)
2
3
4

NAME

6       git-shell - Restricted login shell for Git-only SSH access
7

SYNOPSIS

9       chsh -s $(command -v git-shell) <user>
10       git clone <user>@localhost:/path/to/repo.git
11       ssh <user>@localhost
12

DESCRIPTION

14       This is a login shell for SSH accounts to provide restricted Git
15       access. It permits execution only of server-side Git commands
16       implementing the pull/push functionality, plus custom commands present
17       in a subdirectory named git-shell-commands in the user’s home
18       directory.
19

COMMANDS

21       git shell accepts the following commands after the -c option:
22
23       git receive-pack <argument>, git upload-pack <argument>, git
24       upload-archive <argument>
25           Call the corresponding server-side command to support the client’s
26           git push, git fetch, or git archive --remote request.
27
28       cvs server
29           Imitate a CVS server. See git-cvsserver(1).
30
31       If a ~/git-shell-commands directory is present, git shell will also
32       handle other, custom commands by running "git-shell-commands/<command>
33       <arguments>" from the user’s home directory.
34

INTERACTIVE USE

36       By default, the commands above can be executed only with the -c option;
37       the shell is not interactive.
38
39       If a ~/git-shell-commands directory is present, git shell can also be
40       run interactively (with no arguments). If a help command is present in
41       the git-shell-commands directory, it is run to provide the user with an
42       overview of allowed actions. Then a "git> " prompt is presented at
43       which one can enter any of the commands from the git-shell-commands
44       directory, or exit to close the connection.
45
46       Generally this mode is used as an administrative interface to allow
47       users to list repositories they have access to, create, delete, or
48       rename repositories, or change repository descriptions and permissions.
49
50       If a no-interactive-login command exists, then it is run and the
51       interactive shell is aborted.
52

EXAMPLES

54       To disable interactive logins, displaying a greeting instead:
55
56           $ chsh -s /usr/bin/git-shell
57           $ mkdir $HOME/git-shell-commands
58           $ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
59           #!/bin/sh
60           printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
61           printf '%s\n' "provide interactive shell access."
62           exit 128
63           EOF
64           $ chmod +x $HOME/git-shell-commands/no-interactive-login
65
66       To enable git-cvsserver access (which should generally have the
67       no-interactive-login example above as a prerequisite, as creating the
68       git-shell-commands directory allows interactive logins):
69
70           $ cat >$HOME/git-shell-commands/cvs <<\EOF
71           if ! test $# = 1 && test "$1" = "server"
72           then
73                   echo >&2 "git-cvsserver only handles \"server\""
74                   exit 1
75           fi
76           exec git cvsserver server
77           EOF
78           $ chmod +x $HOME/git-shell-commands/cvs
79

SEE ALSO

81       ssh(1), git-daemon(1), contrib/git-shell-commands/README
82

GIT

84       Part of the git(1) suite
85
86
87
88Git 2.36.1                        2022-05-05                      GIT-SHELL(1)
Impressum