"Half" ssh authorization to a server with git repository

Posted by hsz on Server Fault See other posts from Server Fault or by hsz
Published on 2011-03-14T14:23:45Z Indexed on 2011/03/14 16:12 UTC
Read the original article Hit count: 307

Filed under:

ssh

|

git

|

authorization

|

ssh-keys

Hello !

Currently I have purchased web hosting with ssh access.

I have created a git repository on it and if I set my public key in ~/.ssh/authorized_keys file, I have access to that repo, I can push/pull data, etc.

This solution allows access for every user that has his public key in authorized_keys file.

But there is one thing that I want to avoid. Every user can login to the server too and has access to whole ssh account.

Is it possible to create a blacklist of users' keys that will not have an access to ssh ?

I see it that way:

user logs in to a git - ok, allow for every one
user logs in to ssh account
~/.profile file is hooked and called a custom script:
- check user's public key
- if public key is in ~/.ssh/blacklist_keys call bash exit/logout

Is it possible in any way ?

© Server Fault or respective owner

Related posts about ssh

Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
SSH problems (ssh_exchange_identification: read: Connection reset by peer)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was running 11.10 and decided to do the full upgrade and come up to 12.04 after the update SSH (not SSHD) is now misbehaving when attempting to connect to other OpenSSH instances. I say OpenSSH as I am running a DropBear sshd on my router and I am able to connect to it. When attempting to connect… >>> More
SSH main process ended

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running ubuntu server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
SSH server not working (respawns until stopped)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running Ubuntu Server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
Cannot SSH after resetting firewall on VPS

as seen on Server Fault - Search for 'Server Fault'
I'm having trouble trying to SSH to my Debian 5 VPS with blacknight. It was working fine until I did the following: Logged into 'Parallels Infrastructure Manager' - Container - Firewall - Set to 'Normal Firewall settings'. It told me there was an error with the IPTables and offered the option again… >>> More

Related posts about git

git pull gives error: 401 Authorization Required while accessing https://git.foo.com/bar.git

as seen on Stack Overflow - Search for 'Stack Overflow'
My macbook pro is able to clone/push/pull from the company git server. My cent 6.3 vm gets a 401 error git clone https://git.acme.com/git/torque-setup "error: The requested URL returned error: 401 Authorization Required while accessing https://git.acme.com/git/torque-setup/info/refs As a work… >>> More
Can't install git on Ubuntu 12.10

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I'm following these instructions to install git on my laptop: http://git-scm.com/download/linux When I do: $ sudo apt-get install git-core This is what my terinal shows: Reading package lists... Done Building dependency tree Reading state information... Done The following packages… >>> More
Git apache : unable to push via http

as seen on Server Fault - Search for 'Server Fault'
I have to setup a server which can allow http vcs management (such as git and svn). svn support works well, but I have some trouble with git. Actual configuration: CentOS 5 Apache 2.2.8 Git 1.7.4.1 The /etc/httpd/conf/httpd.conf content: ServerTokens OS ServerRoot "/etc/httpd" PidFile run/httpd… >>> More
git on HTTP with gitolite and nginx

as seen on Server Fault - Search for 'Server Fault'
I am trying to setup a server where my git repo would be accessible with HTTP(S). I am using gitolite and nginx (and gitlab for web interface but I doubt it makes any difference). I have searched the whole afternoon and I think I'm stuck. I have think I have understood that nginx needs fcgiwrap… >>> More
Redmine git integration - issue in accessing git from redmine but not from external git client

as seen on Server Fault - Search for 'Server Fault'
I have setup redmine integration with apache as described in the redmine documentation. I have a /git path accessible with auth and /git-private accessible only to redmine. When I clone the repository through /git path, I get the up-to-date repo. But when I try to view it in redmine repo viewer, I… >>> More