Hi Everybody,
if i’m correct, gitlab adds the user git. I think it’s possible to log in via ssh and get access to shell. Isn’t this a security issue because a user can move from there to other hosts, mount shares etc.?
Best Mario
Hi Everybody,
if i’m correct, gitlab adds the user git. I think it’s possible to log in via ssh and get access to shell. Isn’t this a security issue because a user can move from there to other hosts, mount shares etc.?
Best Mario
If you look at the authorized_keys
file that GitLab creates, you will see that it only allows certain programs to be run.
Unless you have set a password for the git
user yourself, the only way to log in as the git
user is with an SSH key and the only thing you can do with that key is whatever the authorized_keys
file says you can do.
Try logging in with SSH to git@gitlab.com
and see what happens. You should get a message something like this:
Server refused to allocate pty Welcome to GitLab, YOUR_NAME
After that, the connection will automatically close.
Thanks a lot your answere.