# syntax=docker/dockerfile:1
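# Base image.
# NOTE(review): debian:12 is a floating tag; pin a dated tag or a digest if
# reproducible, auditable builds matter for this image.
FROM debian:12

# Install the packages the image needs: git, the OpenSSH server, sudo and curl,
# plus Node.js from the NodeSource apt repository.
#
# The NodeSource setup script is downloaded to a file and then executed rather
# than piped into bash. With `curl ... | bash` under /bin/sh, a failed download
# leaves bash with empty input and a zero exit status, and the following
# `apt-get install nodejs` would then silently install whatever nodejs the
# Debian archive offers. The build already runs as root, so `sudo -E` is not
# needed to run the script.
#
# NOTE(review): the script is executed as root without an integrity check;
# verify it against a known-good checksum or vendor a reviewed copy.
# NOTE(review): Node.js 16 is end-of-life and no longer receives security
# fixes; plan a move to a supported release line.
#
# The apt package lists are removed in the same layer that created them.
RUN apt-get update -y \
    && apt-get install -y \
        curl \
        git-core \
        openssh-server \
        sudo \
    && curl -fsSL https://deb.nodesource.com/setup_16.x -o /tmp/nodesource_setup.sh \
    && bash /tmp/nodesource_setup.sh \
    && apt-get install -y nodejs \
    && rm -f /tmp/nodesource_setup.sh \
    && rm -rf /var/lib/apt/lists/*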

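# Register git-shell in /etc/shells so that tools consulting that list (for
# example pam_shells) treat it as a valid login shell.
RUN echo "/usr/bin/git-shell" >> /etc/shells
# RUN chsh -s /usr/bin/git-shell

# Create the git account non-interactively with a fixed UID of 1000.
# Plain `adduser git` asks for a password and GECOS fields, which a build has
# no terminal to answer. --disabled-password skips the password step (the
# account remains usable with SSH keys) and --gecos "" skips the GECOS
# questions. The account is created with /home/git as its home; the home is
# then repointed at /home/git/repos once that directory exists and is owned by
# git.
#
# NOTE(review): the login shell is set to /usr/bin/sh, not git-shell (the
# git-shell assignment below is commented out), so anyone who authenticates as
# git gets a general-purpose shell unless the session is restricted some other
# way. Switch to /usr/bin/git-shell once the workflow allows it.
# RUN usermod --shell /usr/bin/git-shell git
RUN adduser --disabled-password --gecos "" --uid 1000 git \
    && install -d -o git -g git /home/git/repos \
    && usermod --shell /usr/bin/sh --home /home/git/repos git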

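# Let the git user change its own login shell: pam_shells becomes "sufficient"
# instead of "required" in the chsh PAM stack.
# NOTE(review): as a "sufficient" auth module, pam_shells succeeding can end
# the auth stack early, so an account whose current shell is listed in
# /etc/shells may be able to run chsh without further authentication. Confirm
# this relaxation is still needed.
RUN sed -i -E 's/auth       required   pam_shells.so/auth       sufficient   pam_shells.so/' /etc/pam.d/chsh

# Key-only SSH: switch password authentication off, then confirm the directive
# really is in the file. sed exits 0 even when nothing matched, so without the
# grep a changed package default would leave password logins enabled silently.
RUN sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config \
    && grep -Eq '^PasswordAuthentication no[[:space:]]*$' /etc/ssh/sshd_config
# RUN echo "ForceCommand /usr/bin/ssh_command" >> /etc/ssh/sshd_config

# Limit SSH logins to the root and git accounts, and list git's key file by
# absolute path: the git account's home is set to /home/git/repos elsewhere in
# this file, so the relative .ssh/authorized_keys entry does not resolve to
# /home/git/.ssh for that user.
# NOTE(review): AuthorizedKeysFile is appended as a global setting, so the
# absolute path is consulted for every account, root included. Consider scoping
# it under `Match User git` and dropping root from AllowUsers if root SSH
# access is not required.
RUN printf '%s\n' \
        'AllowUsers root git' \
        'AuthorizedKeysFile .ssh/authorized_keys /home/git/.ssh/authorized_keys' \
    >> /etc/ssh/sshd_config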

# Silence the login banner: comment out both pam_motd session entries in the
# sshd PAM stack, then overwrite /etc/motd with a single empty line.
RUN sed -i -E \
        -e 's|session    optional     pam_motd.so  motd=/run/motd.dynamic|#session    optional     pam_motd.so  motd=/run/motd.dynamic|' \
        -e 's|session    optional     pam_motd.so noupdate|#session    optional     pam_motd.so noupdate|' \
        /etc/pam.d/sshd \
    && printf '\n' > /etc/motd

# Work from /home/git; later relative paths in this file resolve against it.
WORKDIR /home/git/

# Install the no-interactive-login script into /home/git/git-shell-commands,
# owned by git and executable.
# NOTE(review): git-shell looks for git-shell-commands under the user's home
# directory. This file sets git's home to /home/git/repos and its login shell
# to /usr/bin/sh, so this script does not appear to be in effect as written;
# confirm before relying on it to block interactive logins.
RUN mkdir /home/git/git-shell-commands/
COPY ./data/git-shell-commands/no-interactive-login /home/git/git-shell-commands/no-interactive-login
RUN chown git:git /home/git/git-shell-commands/no-interactive-login \
    && chmod +x /home/git/git-shell-commands/no-interactive-login

# Ship the ssh_command script into /usr/bin and mark it executable. It is meant
# to be the command forced on SSH clients.
# NOTE(review): the ForceCommand line that would route sessions through it is
# commented out in this file's sshd_config edits, so nothing visible in this
# Dockerfile invokes the script yet.
COPY ./data/ssh_command /usr/bin/ssh_command
RUN chmod +x /usr/bin/ssh_command

# Provision git's SSH material: /home/git/.ssh at mode 700 and its
# authorized_keys at mode 600, both owned by git:git.
# NOTE(review): authorized_keys is copied in at build time, so the list of keys
# allowed to log in is part of the image. Revoking a key means rebuilding and
# redeploying, unless the file is supplied at runtime instead (for example by a
# mounted volume).
RUN install -d -m 700 -o git -g git /home/git/.ssh
COPY --chown=git:git ./data/authorized_keys /home/git/.ssh/authorized_keys
RUN chmod 600 /home/git/.ssh/authorized_keys

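# The container's main process is sshd, started as root. No earlier USER
# instruction appears in this file, so this line only makes that explicit.
USER root
WORKDIR /home/git

# Prepare sshd for the CMD below without starting a daemon during the build.
# A process launched by `service ssh start` in a RUN step does not outlive that
# step; the lasting effect of the init script appears to be the creation of the
# /run/sshd privilege-separation directory, which is created directly here.
# `sshd -t` then checks the edited configuration and host keys, so a broken
# sshd_config fails the build, not the first container start.
# NOTE(review): the SSH host keys are presumably generated when openssh-server
# is installed during the build, which would store them in the image and share
# them across every container started from it. Generate or mount host keys at
# runtime if the image is distributed.
RUN mkdir -p /run/sshd \
    && chmod 0755 /run/sshd \
    && /usr/sbin/sshd -t

# Documents the SSH port; publishing it is up to the runtime.
EXPOSE 22

# Run sshd in the foreground as the container's main process.
CMD ["/usr/sbin/sshd","-D"]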
