path: root/doc/git-annex-shell.mdwn
author: anarcat <anarcat@web> 2016-04-04 19:58:43 +0000
committer: admin <admin@branchable.com> 2016-04-04 19:58:43 +0000
commit: bd1e8bbf92face63665202a9e96656f34b71dc86 (patch)
tree: 53605f9f767e7e7b264ee1263e27d750101cd315 /doc/git-annex-shell.mdwn
parent: 0aa07c6892cd04330d5451f90221ed604c7aa7f6 (diff)
add examples on how to manually set up the remote keys set up by the assistant
Diffstat (limited to 'doc/git-annex-shell.mdwn')
-rw-r--r-- doc/git-annex-shell.mdwn 22
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/git-annex-shell.mdwn b/doc/git-annex-shell.mdwn
index 3ac9926ed..502a1358a 100644
--- a/doc/git-annex-shell.mdwn
+++ b/doc/git-annex-shell.mdwn
@@ -134,6 +134,28 @@ changed.
If set, git-annex-shell will refuse to run commands that do not operate
on the specified directory.
+# EXAMPLES
+
+git-annex-shell(1) is usually called through a wrapper installed by the git-annex-assistant(1) in the `~/.ssh/authorized_keys` file on the remote host. To make such a setup manually, you will need the following wrapper installed in `~/.ssh/git-annex-shell`:
+
+ #!/bin/sh
+
+ set -e
+ if [ "x$SSH_ORIGINAL_COMMAND" != "x" ]; then
+ exec /usr/bin/git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
+ else
+ exec /usr/bin/git-annex-shell -c "$@"
+ fi
+
+Then restrictions can be implemented to specific SSH keys using the
+`command=` parameter. For example, the following forces the key to be
+read-only, run only git-annex commands on the given directory:
+
+ command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true ~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com
+
+Obviously, `ssh-rsa AAAAB3NzaC1y[...] user@example.com` needs to
+replaced with your SSH key.
+
# SEE ALSO
[[git-annex]](1)
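Review bot: The `command=` example's option list (`no-agent-forwarding,no-port-forwarding,no-X11-forwarding`) omits `no-pty`, so a key that is meant to be read-only and limited to git-annex commands can still request PTY allocation; add `no-pty`, or on OpenSSH 7.2 and later use `restrict`, which enables all of these restrictions together. In the wrapper's else branch, `-c "$@"` expands to several words when more than one argument is passed, so only the first one is taken as the argument to `-c`; the text should say when that branch is expected to run, or the branch should pass a single string. The closing sentence reads "needs to replaced" and should be "needs to be replaced", and "restrictions can be implemented to specific SSH keys" would read better as "restrictions can be applied to specific SSH keys".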