I am trying to configure a custom hooks with a script including SSH instructions in order to trigger something on a remote server.
So I add a private SSH key to the user git, but from the ssh on gitlab server doc I read: “this practice
is not supported and is strongly discouraged as it presents significant
security risks”
How can I avoid this situation?
Docs :
Seems like an odd question … don’t do that. Hooks that execute commands are highly susceptible to attack from multiple directions.
Use a script that does whatever you’re trying to do to. Check the return code for the command and if successful then trigger the remote server to do what you need to do via ssh and restrict it via .ssh/config to do ONLY that.
To answer your original question – which is a bad idea – You can restrict keys to permissible commands in the authorized_keys & config files.