1GIT-SHELL(1) Git Manual GIT-SHELL(1)
2
3
4
6 git-shell - Restricted login shell for Git-only SSH access
7
9 chsh -s $(command -v git-shell) <user>
10 git clone <user>@localhost:/path/to/repo.git
11 ssh <user>@localhost
12
14 This is a login shell for SSH accounts to provide restricted Git
15 access. It permits execution only of server-side Git commands
16 implementing the pull/push functionality, plus custom commands present
17 in a subdirectory named git-shell-commands in the user’s home
18 directory.
19
21 git shell accepts the following commands after the -c option:
22
23 git receive-pack <argument>, git upload-pack <argument>, git
24 upload-archive <argument>
25 Call the corresponding server-side command to support the client’s
26 git push, git fetch, or git archive --remote request.
27
28 cvs server
29 Imitate a CVS server. See git-cvsserver(1).
30
31 If a ~/git-shell-commands directory is present, git shell will also
32 handle other, custom commands by running "git-shell-commands/<command>
33 <arguments>" from the user’s home directory.
34
36 By default, the commands above can be executed only with the -c option;
37 the shell is not interactive.
38
39 If a ~/git-shell-commands directory is present, git shell can also be
40 run interactively (with no arguments). If a help command is present in
41 the git-shell-commands directory, it is run to provide the user with an
42 overview of allowed actions. Then a "git> " prompt is presented at
43 which one can enter any of the commands from the git-shell-commands
44 directory, or exit to close the connection.
45
46 Generally this mode is used as an administrative interface to allow
47 users to list repositories they have access to, create, delete, or
48 rename repositories, or change repository descriptions and permissions.
49
50 If a no-interactive-login command exists, then it is run and the
51 interactive shell is aborted.
52
54 To disable interactive logins, displaying a greeting instead:
55
56 $ chsh -s /usr/bin/git-shell
57 $ mkdir $HOME/git-shell-commands
58 $ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
59 #!/bin/sh
60 printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
61 printf '%s\n' "provide interactive shell access."
62 exit 128
63 EOF
64 $ chmod +x $HOME/git-shell-commands/no-interactive-login
65
66 To enable git-cvsserver access (which should generally have the
67 no-interactive-login example above as a prerequisite, as creating the
68 git-shell-commands directory allows interactive logins):
69
70 $ cat >$HOME/git-shell-commands/cvs <<\EOF
71 if ! test $# = 1 && test "$1" = "server"
72 then
73 echo >&2 "git-cvsserver only handles \"server\""
74 exit 1
75 fi
76 exec git cvsserver server
77 EOF
78 $ chmod +x $HOME/git-shell-commands/cvs
79
81 ssh(1), git-daemon(1), contrib/git-shell-commands/README
82
84 Part of the git(1) suite
85
86
87
88Git 2.39.1 2023-01-13 GIT-SHELL(1)