Is there a way to restrict git-annex-shell to a specific directory? Currently, if git-annex is paired to a remote repository, it adds this to the authorized_keys:
$ cat ~/.ssh/authorized_keys
command="~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3...
$ cat ~/.ssh/git-annex-shell
#!/bin/sh
set -e
exec git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
That gives whoever has the pubkey the right to access all repositories of one user. It would be nice to have a manual way to limit the access to a specific repository like
$ cat ~/.ssh/git-annex-shell
#!/bin/sh
set -e
export GIT_ANNEX_SHELL_REPO=~/annex
exec git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
Or maybe some chroot hackery is the way to go?
I've added a GIT_ANNEX_SHELL_DIRECTORY environment variable, that, if set, prevents git-annex-shell from operating on any other directory.
I've made the assistant include that setting in authorized_keys that it sets up. For example:
Wow, thank you for implementing this so quickly!
Just one question: As far as I understood git-annex-shell relays all unknown commands to git-shell. In this case are there the same restrictions active, too?
Thanks again...
git-shell have the repository directory as their last parameter, and git-annex-shell depends on that being the case and checks them. It's possible to add some commands to git-shell by putting them in a special directory, and if those commands don't take the directory last, they wouldn't work.
It might make sense to be added to some tip that's about setting up git-annex-shell with untrusted users.
The git-annex-shell man page documents this already of course.
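An added example (not part of the thread and not git-annex's own code): a small audit of an authorized_keys file that reports git-annex-shell forced-command entries lacking the GIT_ANNEX_SHELL_DIRECTORY setting discussed above. It assumes the variable is set inline in the command= string; the function names, sample entries, key placeholders and paths are constructed for illustration.

```shell
#!/bin/sh
# audit_annex_keys FILE
# Prints "LINE_NO restricted DIR" or "LINE_NO UNRESTRICTED" for every
# forced-command entry that runs git-annex-shell.
# Returns 1 if any such entry is not pinned to a directory, 0 otherwise.
audit_annex_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        !/command="[^"]*git-annex-shell/ { next }  # only forced git-annex-shell entries
        {
            cmd = $0
            sub(/^.*command="/, "", cmd)           # keep the text inside command="..."
            sub(/".*$/, "", cmd)                   # (escaped quotes are not handled)
            if (match(cmd, /GIT_ANNEX_SHELL_DIRECTORY=[^ ]+/)) {
                # 26 is the length of the string GIT_ANNEX_SHELL_DIRECTORY=
                print NR, "restricted", substr(cmd, RSTART + 26, RLENGTH - 26)
            } else {
                print NR, "UNRESTRICTED"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input; the key material is a placeholder, not a real key.
sample_keys() {
    cat <<'EOF'
# constructed sample entries
command="~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER alice@example
command="GIT_ANNEX_SHELL_DIRECTORY=/home/user/annex ~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3PLACEHOLDER bob@example
ssh-rsa AAAAB3PLACEHOLDER interactive@example
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_keys > "$tmp"
audit_annex_keys "$tmp" || echo "entries without GIT_ANNEX_SHELL_DIRECTORY found"
rm -f "$tmp"
```

An entry whose wrapper script exports the variable itself, as proposed in the question, is still reported as UNRESTRICTED here, so check the wrapper before changing such a line.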