"Half" ssh authorization to a server with git repository

Posted by hsz on Server Fault See other posts from Server Fault or by hsz
Published on 2011-03-14T14:23:45Z Indexed on 2011/03/14 16:12 UTC
Read the original article Hit count: 307

Filed under:
|
|
|

Hello !

Currently I have purchased web hosting with ssh access.

I have created a git repository on it and if I set my public key in ~/.ssh/authorized_keys file, I have access to that repo, I can push/pull data, etc.

This solution allows access for every user that has his public key in authorized_keys file.

But there is one thing that I want to avoid. Every user can login to the server too and has access to whole ssh account.

Is it possible to create a blacklist of users' keys that will not have an access to ssh ?

I see it that way:

  • user logs in to a git - ok, allow for every one
  • user logs in to ssh account
  • ~/.profile file is hooked and called a custom script:
    • check user's public key
    • if public key is in ~/.ssh/blacklist_keys call bash exit/logout

Is it possible in any way ?

© Server Fault or respective owner

Related posts about ssh

Related posts about git