Creating several ssh accounts for allowing push access to developers on a project is, at least, a waste of time and a possible security hole.
Instead of that, let's see how to manage such users using only one user "git" and several ssh-keys for allowing such push access.
First of all, create only one user called git, using git-shell as the shell:
# adduser --shell /usr/bin/git-shell --disabled-login --home /pub/scm --disabled-password git
After that, let's create our repository structure (ssh to the server, or whatever):
# cd /pub/scm
# mkdir .ssh
# touch .ssh/authorized_keys
# mkdir repo.git
# cd repo.git
# git --bare init --shared=group
# cd ..
# chown -R git:git .
Now, go to your normal user account (let's call it user), generate a key pair, copy the public key to the server and append it to the git user's authorized_keys:
$ cd ~
$ ssh-keygen
$ su -
$ scp /home/user/.ssh/id_rsa.pub valid_user@ssh_host.domain.com:/pub/scm
$ ssh valid_user@ssh_host.domain.com
# cat /pub/scm/id_rsa.pub >> /pub/scm/.ssh/authorized_keys
# exit
To avoid typing the key's passphrase every time, we can add the key to our key agent:
$ ssh-add
To avoid typing the user in the git push URL, we can use the following trick:
$ vim ~/.ssh/config
Add these contents:
Host localhost 127.0.0.1
    HostName 127.0.0.1
    User git
    Compression yes
    Protocol 2
Save and quit.
Now we can test it:
$ cd ~/repo.git
$ git push git+ssh://127.0.0.1/pub/scm/repo.git master
This should make things work better. Whenever you want to add another user, just run:
$ scp /home/newuser/.ssh/id_rsa.pub valid_user@ssh_host.domain.com:/pub/scm
$ ssh valid_user@ssh_host.domain.com
# cat /pub/scm/id_rsa.pub >> /pub/scm/.ssh/authorized_keys
And that's all. We have only one "git" user and several authorized keys to log in using ssh. And that git user can't connect over ssh using a password-based account, because it doesn't have any password enabled and can't log in to the server.
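An added example (not from the original post): a stricter version of the `cat >> authorized_keys` step used to add a developer. It accepts only a single bare public key, refuses duplicates, and writes each entry with options that disable forwarding and pty allocation, which git-shell on its own does not control. The function name add_git_key and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. add_git_key is a hypothetical helper.
# AUTH_KEYS defaults to the path used on this page; override it for testing.
AUTH_KEYS="${AUTH_KEYS:-/pub/scm/.ssh/authorized_keys}"
# Options written in front of every key: the key is then good for git only.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# add_git_key FILE.pub -> 0 added, 1 already present, 2 rejected
add_git_key() {
    pubfile=$1
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }
    # A .pub file holds exactly one key; refuse files carrying extra lines.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 2; }
    # Fields: key type, base64 blob, optional comment.
    read -r ktype kblob kcomment < "$pubfile" || true
    # The line must start with a key type, so a submitted file cannot bring
    # its own options (command=, permitopen=, ...) into authorized_keys.
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 2 ;;
    esac
    case $kblob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 2 ;;
    esac
    # Same blob already authorized: do not add it twice.
    if [ -f "$AUTH_KEYS" ] && grep -qF -- " $kblob" "$AUTH_KEYS"; then
        echo "key already authorized" >&2; return 1
    fi
    # Subshell keeps the umask change local; a new file is created 0600.
    ( umask 077; printf '%s %s %s %s\n' "$KEY_OPTS" "$ktype" "$kblob" \
        "${kcomment:-unlabelled}" >> "$AUTH_KEYS" )
}
```

Run on the server as root in place of the cat step, for example `add_git_key /pub/scm/id_rsa.pub`; the key comment kept at the end of each line is what later tells you whose key to remove.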