Creating a restricted bzr+ssh smart server

The bazaar documentation is quite extensive, but not when it comes to setting up an ssh server. The solution for allowing bzr+ssh access to a server without a full shell access is nowhere to be found. But it’s actually quite simple…

Just make sure the ~bzruser/.ssh/authorized_keys entries are as follows :

command="bzr serve --inet --directory=/home/bzruser --allow-writes",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-dss AAAA[... rest of the key + comment ...]

Change the /home/bzruser path to the path you want to restrict the access to. This changes the bzr+ssh URLs to be relative to this path, thus shorter. To create a branch with the above access, use something like :

bzr push bzr+ssh://user@bzrserver.domain/my-test-branch

You’ll then see the /home/bzruser/my-test-branch/ directory created on the server.

2 comments to Creating a restricted bzr+ssh smart server

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>