Skip to content

poc of a ssh server in go, only made to push code to repositories

License

Notifications You must be signed in to change notification settings

paastech-cloud/git-ssh-server

Repository files navigation

Git Ssh Server

Description

This is a simple ssh server that allows you to use git over ssh. It allows git-receive-pack command only.

Requirements

  • git (to test the server)
  • go (to build the server)
  • docker (to run the server in a container)
  • compose (to run a sample environment)

Controlling access

The server does not use an authorized_keys file like openssh-server would. Instead, it queries a postgresql database to check if the user's public key is present in the database.

It then checks if the user is allowed to push to the repository he is trying to push to.

We extract that information from the git-receive-pack command the user is trying to execute. Here's an example:

git-receive-pack '/reponame'

The server will then check if the user is allowed to push to the repository reponame by checking if the user's public key is linked to the repository in the database.

Once this is validated, the server will execute the git-receive-pack command.

Configuration

The server is configured using environment variables.

Variable Description
GIT_REPOSITORIES_FULL_BASE_PATH The path to the directory containing all your repositories.
GIT_POSTGRESQL_USERNAME The username to use to connect to the postgresql database.
GIT_POSTGRESQL_PASSWORD The password to use to connect to the postgresql database.
GIT_POSTGRESQL_DATABASE_NAME The name of the postgresql database.
GIT_POSTGRESQL_PORT The port to use to connect to the postgresql database.
GIT_POSTGRESQL_HOST The host to use to connect to the postgresql database.
GIT_HOST_SIGNER_PATH The path to the host key.
GIT_LOG_LEVEL The log level to use. Possible values include : debug, warn, error, fatal, panic

Docker

Configuration

The server requires a few volumes to be mounted in the container. The following volumes are required:

  • A volume containing the host key
  • A volume containing the git repositories
  • A volume to the docker socket to be able to build the repositories via pack and docker

Usage

You can use the provided compose file to run the server in a docker container.

It bootstraps a postgresql database, this application and a debian container with git installed and a sample nodejs project.

git clone git@github.com:paastech-cloud/git-ssh-server.git

cd git-ssh-server

# Prepare the environment
# This script creates a pair of ssh keys
./_scripts/init-dev-env.sh

# Launch the containers
docker compose up -d

# Populate the database
cd ..

git clone git@github.com:paastech-cloud/api.git

cd api

# Create a .env file based on the .env.example file where DATABASE_URL is set to postgresql://paastech:paastech@postgres:5432/paastech
# Also add the public key you generated earlier to the .env file based on the .env.example file
npm install
# Create the database schema
npx prisma db push
# Seed the database
npx prisma db seed

# Back into the root directory of this project
cd ../git-ssh-server

# Exec into the client container
docker compose exec client bash

# You should now be in a git repository with a sample nodejs project
# You can now push to the server using this command
debug