If you didn’t want to use the user account for anything else, you could just run chsh for the user and select /usr/bin/git-shell (or wherever it is located) as the login shell for the user.
However, as you want to restrict the user only when a specific key is used, we need to create a helper script that does the same.
Create a file, for example in the home directory (on the target host), called git-ssh-remote-command, containing:
#!/bin/sh
exec git-shell -c "$SSH_ORIGINAL_COMMAND"
Run chmod a+rx /path/to/git-ssh-remote-command to make it executable and then use it in your .ssh/authorized_keys file for the key you want to restrict to git-only access, for example:
restrict,command="/path/to/git-ssh-remote-command" ssh-dss 1478912c844...
With the help of the script, this will limit the key to execute only the commands allowed by git-shell.
NOTE: By default git-shell does not allow additional commands needed by e.g. git-lfs; see man git-shell for instructions on how to do that if needed.
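To check that every key meant to be git-only really carries both restrict and the forced command, the following audit script can be run over an authorized_keys file. It is an added example, not part of the original post; the function names classify_key_line and audit_keys and the class labels are this example's own, and HELPER is the placeholder path used above.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries that use the git-only helper.
# HELPER is the placeholder path from this page; set it to the real location.
HELPER="${HELPER:-/path/to/git-ssh-remote-command}"

# classify_key_line LINE prints one of:
#   skip         blank line or comment
#   git-only     "restrict" plus a forced command pointing at HELPER
#   loosened     as above, but another option re-enables pty/forwarding/user-rc
#   forced-only  forced command to HELPER without "restrict"
#   other        no options, or a forced command that is not HELPER
# Assumes option values contain no escaped quotes (\").
classify_key_line() {
    line=$1
    case $line in
        ''|'#'*) echo skip; return 0 ;;
        ssh-*|ecdsa-*|sk-*) echo other; return 0 ;;   # starts with key type: no options
    esac
    # Options are everything before the key type field.
    opts=$(printf '%s\n' "$line" |
        sed -E 's/[[:space:]]+(ssh-|ecdsa-|sk-)[^[:space:]]+[[:space:]].*$//')
    case $opts in
        *"command=\"$HELPER\""*) ;;
        *) echo other; return 0 ;;
    esac
    # Drop quoted values so a comma inside command="..." cannot fake an option,
    # and lower-case the rest because sshd matches option names case-insensitively.
    bare=$(printf '%s\n' "$opts" | sed 's/"[^"]*"//g' | tr 'A-Z' 'a-z')
    case ",$bare," in
        *,restrict,*) ;;
        *) echo forced-only; return 0 ;;
    esac
    case ",$bare," in
        *,pty,*|*,port-forwarding,*|*,agent-forwarding,*|*,x11-forwarding,*|*,user-rc,*)
            echo loosened ;;
        *)  echo git-only ;;
    esac
}

# audit_keys FILE prints "<line number>: <class>" for every key entry.
audit_keys() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        c=$(classify_key_line "$l")
        [ "$c" = skip ] || echo "$n: $c"
    done < "$1"
}
```

Call it as audit_keys ~/.ssh/authorized_keys; any entry reported as forced-only or loosened still permits features such as port forwarding or a pty alongside the git-shell command.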