summaryrefslogtreecommitdiff
path: root/examples/caretaker-ssh-command
diff options
context:
space:
mode:
authorDaniel Friesel <derf@derf.homelinux.org>2010-04-30 12:21:03 +0200
committerDaniel Friesel <derf@derf.homelinux.org>2010-04-30 12:21:30 +0200
commiteb254a1deca26d8a409300776f0a46549ebf74b8 (patch)
tree86c46dcaa9b32f555f904bdd30496a2428ee94ee /examples/caretaker-ssh-command
parent31a2c5211a573c7849c57449c303847c05d54ed3 (diff)
examples/caretaker-ssh-command: Add a short description
Diffstat (limited to 'examples/caretaker-ssh-command')
-rwxr-xr-xexamples/caretaker-ssh-command22
1 files changed, 15 insertions, 7 deletions
diff --git a/examples/caretaker-ssh-command b/examples/caretaker-ssh-command
index ce59a90..03f3e94 100755
--- a/examples/caretaker-ssh-command
+++ b/examples/caretaker-ssh-command
@@ -1,4 +1,12 @@
#!/usr/bin/env zsh
+# example ssh force command. Use this for ssh keys which you only want to use
+# for caretaker.
+# Example .ssh/authorized_keys line:
+# no-pty,no-port-forwarding,command=".../caretaker-ssh-command" ssh-rsa ...
+#
+# This _should_ restrict all ssh operations to the git/pkglist commands
+# required by caretaker. However, be warned that I am no security expert, so
+# there might be flaws in here. Use at own risk.
# Change this to your package root
PKG_ROOT='/home/derf/var/packages_root'
@@ -10,14 +18,14 @@ args=(${(z)SSH_ORIGINAL_COMMAND})
if [[ \
( \
- $args[1] == ${PKG_LIST} && \
- $args[2] == ${PKG_ROOT} \
+ ${args[1]} == ${PKG_LIST} && \
+ ${args[2]} == ${PKG_ROOT} \
) || ( \
- $args[1] == 'git-'(upload|receive)'-pack' && \
- $args[2] != *'../'* && \
- $args[2] == \'${PKG_ROOT}/*\' \
- ) \
-]] {
+ ${args[1]} == 'git-'(upload|receive)'-pack' && \
+ ${args[2]} != *'../'* && \
+ ${args[2]} == \'${PKG_ROOT}/*\' \
+ ) ]] \
+{
args[2]=${args[2]//\'}
${args}
}