The bazaar documentation is quite extensive, but not when it comes to setting up an ssh server. The solution for allowing
bzr+ssh access to a server without a full shell access is nowhere to be found. But it’s actually quite simple…
Just make sure the
~bzruser/.ssh/authorized_keys entries are as follows :
command="bzr serve --inet --directory=/home/bzruser --allow-writes",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-dss AAAA[... rest of the key + comment ...]
/home/bzruser path to the path you want to restrict the access to. This changes the
bzr+ssh URLs to be relative to this path, thus shorter. To create a branch with the above access, use something like :
bzr push bzr+ssh://email@example.com/my-test-branch
You’ll then see the
/home/bzruser/my-test-branch/ directory created on the server.
2 thoughts on “Creating a restricted bzr+ssh smart server”
Thanks for this information it was very useful in setting up a shared area for repository access without polluting the system with a large number of user accounts.
Also as the documentation is missing from the main bzr documentation, I have attempted to get this information added to the documents as an option for setting up a server. Hopefully that gets applied and can address the real issue of the documentation missing this information.