Limit SSH User to a shell command

Question

My question is

how can I allow an user to ssh to my server with limitation to a shell command and a directory?

My situation

I\'m using git to dep

Answer 1

You should consider gitolite, which is an authorization layer which can ssh forced command.

And ssh forced command is there precisely to limit ssh to one unique command (in the case of gitolite, a script which will control access right, and make sure only git commands are executed).

Even if you don't use gitolite, ssh forced command alone (not linked to git at all) is still interesting to consider, in order to control and limit what a user can do through an ssh session.

---

The OP Tarzan, who didn't want to install another service, installed another service (Ishell), which is precisely based on ssh forced command ;)

Answer 2

A simple command to disable the shell in a git user is to replace the /usr/bin/bash with /usr/bin/git-shell. Replace it in the /etc/password file or using the command:

usermod -s /usr/bin/git-shell [username]

Check this document from the official Git website: Setting Up the Server. Additional info if you want to have a shell on it but limiting it to a directory use: rbash. Same as git-shell just replace the user shell with it.