SSHD config: PermitUserEnvironment on a case-by-case basis

I have a git server where people set up remote repositories over ssh, and there's a git user that they all connect as which has secure permissions and whatnot.

I'm editing the pre-receive hook in a repo so that it sees if the environment variable, $GIT_USER, matches the list of allowed users for that repo to prevent unauthorized users from pushing.

This environment variable is set individually in the git user's .ssh/authorized_keys file.

However, I don't want environment variables to be set for ssh for any user besides git.

Is there any way to edit /etc/ssh/sshd_config such that PermitUserEnvironment is only enabled for the git user?



Solution 1:[1]

The workaround would be to:

  • keep PermitUserEnvironment set to 'no'
  • replace /usr/local/bin/git with a wrapper script which would:
    • set the relevant environment variables
    • call the actual git binary.
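
The check the question describes, as an added example that is not part of the original question or answer: a pre-receive hook that rejects the push unless $GIT_USER exactly matches a line in a per-repository allowlist, however that variable was set. The allowlist path hooks/allowed_users and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Install as hooks/pre-receive.
# Assumption: allowlist at $GIT_DIR/hooks/allowed_users (hypothetical name),
# one user per line; blank lines and '#' comments are ignored.

# Succeeds only if $1 is a well-formed name that exactly matches a line of $2.
git_user_allowed() {
    user=$1
    allowlist=$2
    # Fail closed: an unset or empty GIT_USER, or an unreadable list, denies.
    [ -n "$user" ] || return 1
    [ -r "$allowlist" ] || return 1
    # Restrict the character set. This also rejects embedded newlines, which
    # grep would otherwise treat as several alternative patterns.
    case $user in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Drop comments, trailing blanks and empty lines, then require a
    # fixed-string whole-line match so "al" cannot pass as "alice".
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$allowlist" |
        grep -Fxq -e "$user"
}

run_hook() {
    if git_user_allowed "${GIT_USER:-}" "${GIT_DIR:-.}/hooks/allowed_users"; then
        exit 0
    fi
    echo "push rejected: ${GIT_USER:-<unset>} is not authorized for this repository" >&2
    exit 1
}

# Run the hook only when invoked under its installed name, so the function
# above can also be sourced and exercised on its own.
case ${0##*/} in
    pre-receive) run_hook ;;
esac
```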

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 VonC