NAME
gotsh
—
Game of Trees Shell
SYNOPSIS
gotsh |
gotsh |
DESCRIPTION
gotsh
is the network-facing interface to
gotd(8). It implements the
server-side part of the Git network protocol used by
git(1) and
got(1).
gotsh
is not an interactive shell.
gotsh
is intended to be configured as the login
shell of Git repository user accounts on servers running
gotd(8). If users require a
different login shell, gotsh
can be installed in the
command search path under the names git-receive-pack
and git-upload-pack
, or
gitwrapper(1) can be
used to select the appropriate command to run automatically.
The users can then interact with gotd(8) over the network. When users invoke commands such as
got send
and got fetch
on
client machines, got(1) will
connect to the server with ssh(1). gotsh
will facilitate communication
between gotd(8) running on
the server machine and the got(1) or git(1)
program running on the client machine.
Users running gotsh
should not have access
to Git repositories by means other than accessing the unix socket of
gotd(8) via
gotsh
.
It is recommended to restrict ssh(1) features available to users of
gotsh
. See the
EXAMPLES section for details.
ENVIRONMENT
GOTD_UNIX_SOCKET
- Set the path to the unix socket which gotd(8) is listening on. If not specified, the default path /var/run/gotd.sock will be used.
EXAMPLES
sshd_config(5) directives such as the following are recommended to protect the server machine and any systems reachable from it, especially if anonymous users are allowed to connect:
Match User developer DisableForwarding yes PermitTTY no
It can be convenient to add all relevant users to a common group, such as “developers”, and then use this group as the Match criteria:
Match Group developers DisableForwarding yes PermitTTY no
Anonymous users can be given public read-only access by using a gotd.conf(5) access rule such as the following:
repository "public" { path "/var/git/public.git" permit ro anonymous }
The anonymous user account should have a publicly known password, or can be set up with an empty password in which case the user's vipw(8) entry would look similar to this example:
anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh
Use of an empty password must be explicitly allowed in sshd_config(5):
Match User anonymous PasswordAuthentication yes PermitEmptyPasswords yes DisableForwarding yes PermitTTY no
SEE ALSO
gitwrapper(1), got(1), ssh(1), gotd.conf(5), sshd_config(5), gotd(8)
AUTHORS
Stefan Sperling <stsp@openbsd.org>