I’ve been trying to set up the git user on our gitlab-ce server for use with SSH in a secure way. I’ve not found much information on gitlab-ce’s authorized_keys file.
What I’m trying to achieve is:
- git user uses git-shell
- ssh clone/push/pull operations work
- ssh using git user results in git shell limited to help and list
What I’ve done is this:
- copied list and help commands to /var/opt/gitlab/git-shell-commands
- appended /usr/bin/git-shell to /etc/shells
- set git user shell to /usr/bin/git-shell via /etc/gitlab/gitlab.rb using user['shell'] = '/usr/bin/git-shell'
- git user’s home remains set as /var/opt/gitlab
What I’ve noticed is that within the .ssh/authorized_keys file for gitlab, the ssh command includes a path to gitlab-shell which cannot be reached upon ssh. A typical entry from gitlab-ce’s authorized_keys is like this:
command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-26",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa r5web56brvdbd5nt…
This is what is seen SSHing:
fatal: unrecognized command '/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-26'
Connection to the-gitlab-ce.server.host closed.
(su-ing to the git user on the server works as expected - resulting in git shell)
Any ideas/help would be much appreciated.
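
An added example, not part of the original post: a Python sketch that parses an authorized_keys entry like the one quoted above, checks its restriction options, and models what happens when sshd passes the forced command to the account's login shell with `-c`. The key blob is a constructed placeholder, and `git_shell_accepts` is a simplified model of git-shell's command dispatch written for this example, not GitLab or git code.

```python
import shlex

# Commands git-shell runs itself when started as `git-shell -c <cmd>` (simplified model).
GIT_SHELL_BUILTINS = ("git-receive-pack", "git-upload-pack", "git-upload-archive")
RESTRICTIONS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
# Constructed sample: options as in the entry quoted above, placeholder key blob.
SAMPLE = ('command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-26",'
          'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
          'ssh-rsa AAAAPLACEHOLDERKEY')

def parse_entry(line):
    """Return (options, key type) for one authorized_keys line."""
    line = line.strip()
    if line.startswith(("ssh-", "ecdsa-", "sk-")):   # no option field present
        return {}, line.split()[0]
    fields, buf, in_quote, i = [], "", False, 0
    # The option field ends at the first space outside double quotes.
    while i < len(line) and (in_quote or line[i] != " "):
        if line[i] == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 1                 # \" is a literal quote in a value
        elif line[i] == '"':
            in_quote = not in_quote
        elif line[i] == "," and not in_quote:
            fields, buf = fields + [buf], ""
        else:
            buf += line[i]
        i += 1
    options = {n.lower(): v for n, _, v in (f.partition("=") for f in fields + [buf])}
    return options, (line[i:].split() or [""])[0]

def git_shell_accepts(command, shell_commands=()):
    """Model `git-shell -c command`; shell_commands lists ~/git-shell-commands."""
    if command.startswith("git "):
        command = "git-" + command[4:]
    if any(command == b or command.startswith(b + " ") for b in GIT_SHELL_BUILTINS):
        return True
    argv = shlex.split(command)
    # Custom commands are looked up by bare name; a name containing "/" is refused.
    return bool(argv) and "/" not in argv[0] and argv[0] in shell_commands

def audit(line, login_shell, shell_commands=()):
    """sshd passes a forced command to the account's login shell as `shell -c cmd`."""
    options, keytype = parse_entry(line)
    forced = options.get("command")
    refused = (forced is not None and login_shell.endswith("/git-shell")
               and not git_shell_accepts(forced, shell_commands))
    return {"keytype": keytype, "forced_command": forced, "refused_by_shell": refused,
            "missing_restrictions": sorted(RESTRICTIONS - set(options))}
```

Calling `audit(SAMPLE, "/usr/bin/git-shell", ("help", "list"))` reports the entry as refused by the shell, while the same entry with `/bin/sh` as the login shell is not.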