diff options
| author | Andrew Cady <d@cryptonomic.net> | 2021-10-23 12:13:00 -0400 |
|---|---|---|
| committer | Andrew Cady <d@cryptonomic.net> | 2021-10-23 12:21:24 -0400 |
| commit | 2696429ad843fa2d74f5607245140c9d1e13159b (patch) | |
| tree | cbd3b10f2178e9c152648b3ae0944b582284d6e0 /README.md | |
| parent | c1f1b3f92b8e7da270ae2ff9acb690d09526e255 (diff) | |
README
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..d4b8127 --- /dev/null +++ b/README.md | |||
| @@ -0,0 +1,96 @@ | |||
| 1 | AnonymousSSH | ||
| 2 | ------------ | ||
| 3 | |||
| 4 | |||
| 5 | |||
| 6 | |||
| 7 | |||
| 8 | |||
| 9 | WHAT IT DOES | ||
| 10 | ------------ | ||
| 11 | |||
| 12 | This repository contains the code to share itself (the repository) | ||
| 13 | through Git-over-SSH. | ||
| 14 | |||
| 15 | It also contains the code to listen for changes sent to itself through | ||
| 16 | Git-over-SSH. | ||
| 17 | |||
| 18 | |||
| 19 | |||
| 20 | |||
| 21 | |||
| 22 | |||
| 23 | HOW IT WORKS | ||
| 24 | ------------ | ||
| 25 | |||
| 26 | Git contains a program `git-receive-pack` which implements a git | ||
| 27 | protocol server. The `git-receive-pack` expects to be launched as an SSH | ||
| 28 | server "ForcedCommand" in a configuration that protects the server from | ||
| 29 | untrustworthy users. | ||
| 30 | |||
| 31 | Normally, the SSH server only permits users who have already uploaded | ||
| 32 | their public keys to the server. It assumes that access should be closed | ||
| 33 | to new users. | ||
| 34 | |||
| 35 | Installing this code reverses that assumption, granting open access to | ||
| 36 | unrecognized users. This is made safe by limiting write access to a | ||
| 37 | GIT_NAMESPACE over which the user proves global mathematical ownership | ||
| 38 | with their SSH client key. | ||
| 39 | |||
| 40 | |||
| 41 | |||
| 42 | |||
| 43 | |||
| 44 | |||
| 45 | HOW TO INSTALL | ||
| 46 | -------------- | ||
| 47 | |||
| 48 | Run: | ||
| 49 | ``` | ||
| 50 | make | ||
| 51 | ``` | ||
| 52 | |||
| 53 | This installs the `AnonymousAccessCommand` in the current user's home | ||
| 54 | directory. | ||
| 55 | |||
| 56 | Then, if sudo access is available, it enables anonymous access by | ||
| 57 | editing the system `OpenSSH` configuration. | ||
| 58 | |||
| 59 | |||
| 60 | |||
| 61 | |||
| 62 | |||
| 63 | |||
| 64 | NON-ROOT INSTALLATION | ||
| 65 | --------------------- | ||
| 66 | |||
| 67 | If sudo access is not available, you can install to a different | ||
| 68 | location: | ||
| 69 | |||
| 70 | ``` | ||
| 71 | make SSH_CONFIG_DIR=.config/ssh \ | ||
| 72 | SSHD_CONFIG_DIR=.config/ssh/config.d \ | ||
| 73 | SSH_LIB_DIR=.local/lib/ssh | ||
| 74 | ``` | ||
| 75 | |||
| 76 | Then you will need to run `OpenSSH` on a non-default port (the default | ||
| 77 | port requires root access). | ||
| 78 | |||
| 79 | |||
| 80 | |||
| 81 | |||
| 82 | |||
| 83 | |||
| 84 | ALTERNATIVE LOCATION OF `AnonymousAccessCommand` | ||
| 85 | ------------------------------------------------ | ||
| 86 | |||
| 87 | It is also possible to choose the location of the | ||
| 88 | `AnonymousAccessCommand` itself: | ||
| 89 | |||
| 90 | ``` | ||
| 91 | make USER_SSH_CONFIG_DIR=$HOME/.config/ssh | ||
| 92 | ``` | ||
| 93 | |||
| 94 | First you would have to make the contents of the installed file | ||
| 95 | `AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by | ||
| 96 | editing `Makefile`. | ||