From eb254a1deca26d8a409300776f0a46549ebf74b8 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 30 Apr 2010 12:21:03 +0200 Subject: examples/caretaker-ssh-command: Add a short description --- examples/caretaker-ssh-command | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'examples/caretaker-ssh-command') diff --git a/examples/caretaker-ssh-command b/examples/caretaker-ssh-command index ce59a90..03f3e94 100755 --- a/examples/caretaker-ssh-command +++ b/examples/caretaker-ssh-command @@ -1,4 +1,12 @@ #!/usr/bin/env zsh +# example ssh force command. Use this for ssh keys which you only want to use +# for caretaker. +# Example .ssh/authorized_keys line: +# no-pty,no-port-forwarding,command=".../caretaker-ssh-command" ssh-rsa ... +# +# This _should_ restrict all ssh operations to the git/pkglist commands +# required by caretaker. However, be warned that I am no security expert, so +# there might be flaws in here. Use at own risk. # Change this to your package root PKG_ROOT='/home/derf/var/packages_root' @@ -10,14 +18,14 @@ args=(${(z)SSH_ORIGINAL_COMMAND}) if [[ \ ( \ - $args[1] == ${PKG_LIST} && \ - $args[2] == ${PKG_ROOT} \ + ${args[1]} == ${PKG_LIST} && \ + ${args[2]} == ${PKG_ROOT} \ ) || ( \ - $args[1] == 'git-'(upload|receive)'-pack' && \ - $args[2] != *'../'* && \ - $args[2] == \'${PKG_ROOT}/*\' \ - ) \ -]] { + ${args[1]} == 'git-'(upload|receive)'-pack' && \ + ${args[2]} != *'../'* && \ + ${args[2]} == \'${PKG_ROOT}/*\' \ + ) ]] \ +{ args[2]=${args[2]//\'} ${args} } -- cgit v1.2.3