Creating a restricted bzr+ssh smart server

The bazaar documentation is quite extensive, but not when it comes to setting up an ssh server. The solution for allowing bzr+ssh access to a server without a full shell access is nowhere to be found. But it’s actually quite simple…

Just make sure the ~bzruser/.ssh/authorized_keys entries are as follows :

command="bzr serve --inet --directory=/home/bzruser --allow-writes",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-dss AAAA[... rest of the key + comment ...]

Change the /home/bzruser path to the path you want to restrict the access to. This changes the bzr+ssh URLs to be relative to this path, thus shorter. To create a branch with the above access, use something like :

bzr push bzr+ssh://user@bzrserver.domain/my-test-branch

You’ll then see the /home/bzruser/my-test-branch/ directory created on the server.

2 thoughts on “Creating a restricted bzr+ssh smart server

  1. Thanks for this information it was very useful in setting up a shared area for repository access without polluting the system with a large number of user accounts.

    Also as the documentation is missing from the main bzr documentation, I have attempted to get this information added to the documents as an option for setting up a server. Hopefully that gets applied and can address the real issue of the documentation missing this information.

Leave a Reply

Your email address will not be published. Required fields are marked *