Setting up git user for ssh access

Hello,

I’d like to set up the git user in a way, that it can do push/clone and all necessary git features, but not access the server through ssh in any common way, which it can with default configuration. (I realize this is more a linux issue than gitea-specific, but I hope that here is a good place to ask this nontheless)

Currently, I use the shell /usr/sbin/nologin for the user git, which allows the user to run the gitea application. If I try to ssh into the server, I get this, which is what I had desired:

$ ssh git.myserver.de
PTY allocation request failed on channel 0
This account is currently not available.
Connection to git.myserver.de closed.

However, I can’t use the ssh url to clone a gitea repo for obvious reasons:

$ git clone ssh://git@git.myserver.de/user/repo.git
Cloning into 'repo'...
fatal: protocol error: bad line length character: This

So how would I keep the regular ssh functionality disabled while allowing access to git-specific functionalities? Is there a specific shell that would allow me to accomplish this?

//edit

I think i might have jumped the gun on this and didnt realize that this feature is provided by default with a regular shell. I feel kinda stupid now.

I figure you have already fixed this, but I would like to confirm for you.

I setup my SSH access on Gitea using this guide: https://wiki.archlinux.org/index.php/Gitea#Enable_SSH_Support .

Don’t worry about it being Arch Linux, just do what you do for your own configuration. I did mine on Ubuntu and it works perfectly.

To confirm, yes you will have an SSH-available user, but no, there will be no shell access, even if Gitea is stopped. I confirmed, and there is no access available on SFTP either.

Following the guide I have linked, you should have a fully-working Git interface over SSH, with no access to anything else on the machine.

1 Like