How to create a restricted SSH account for a GIT repository?

How is the best way开发者_如何学运维 I can create a jailed user on a Linux machine to be used solely for a git repository?

git-shell is a restricted shell that you can use for this purpose.

If you make set a user's login shell to git-shell then he can only run a limited set of server-side git helper functions which enable remote git over ssh usage but don't permit a normal log in.

Also look in to gitosis. In particular, it sets some parameters in .ssh/authorized_keys which prevent port forwarding, etc:

command="gitosis-serve user@host",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA....

Even if you do not use gitosis, you may want to include the restrictive options.