simplify manpage example and ask another question
sorry for the noise again...
This commit is contained in:
Antoine Beaupré
parent
20d15f70dd
commit
7a56f9e9e3
2 changed files with 25 additions and 15 deletions
|
|
@ -0,0 +1,15 @@
|
|||
[[!comment format=mdwn
|
||||
username="anarcat"
|
||||
subject="""fixed up"""
|
||||
date="2016-04-04T20:30:22Z"
|
||||
content="""
|
||||
|
||||
Why doesn't the assistant use git-annex -c instead of setting up a
|
||||
wrapper that can potentially break? Seems like one moving parts too
|
||||
many...
|
||||
|
||||
I have removed the wrapper from the manpage, as it seems a little
|
||||
annoying to setup manually for no real advantage that I can see. Note
|
||||
that the double-quotes need to be quoted otherwise the public key is
|
||||
completely ignored.
|
||||
"""]]
|
||||
|
|
@ -136,25 +136,20 @@ changed.
|
|||
|
||||
# EXAMPLES
|
||||
|
||||
git-annex-shell(1) is usually called through a wrapper installed by the git-annex-assistant(1) in the `~/.ssh/authorized_keys` file on the remote host. To make such a setup manually, you will need the following wrapper installed in `~/.ssh/git-annex-shell`:
|
||||
git-annex-shell(1) is usually called through a wrapper installed by
|
||||
the git-annex-assistant(1) in the `~/.ssh/authorized_keys` file on the
|
||||
remote host. You can also do a similar setup by adding a specific
|
||||
line with a `command=` parameter to `~/.ssh/authorized_keys` by hand.
|
||||
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
if [ "x$SSH_ORIGINAL_COMMAND" != "x" ]; then
|
||||
exec /usr/bin/git-annex-shell -c "$SSH_ORIGINAL_COMMAND"
|
||||
else
|
||||
exec /usr/bin/git-annex-shell -c "$@"
|
||||
fi
|
||||
For example, the following forces the key to be read-only, run only
|
||||
git-annex commands on the given directory:
|
||||
|
||||
Then restrictions can be implemented to specific SSH keys using the
|
||||
`command=` parameter. For example, the following forces the key to be
|
||||
read-only, run only git-annex commands on the given directory:
|
||||
|
||||
command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true ~/.ssh/git-annex-shell",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com
|
||||
command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com
|
||||
|
||||
Obviously, `ssh-rsa AAAAB3NzaC1y[...] user@example.com` needs to
|
||||
replaced with your SSH key.
|
||||
replaced with your SSH key. The above also assumes `git-annex-shell`
|
||||
is availble in your `$PATH`, use an absolute path if it is not the
|
||||
case.
|
||||
|
||||
# SEE ALSO
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue