Creating a restricted bzr+ssh smart server
The bazaar documentation is quite extensive, but not when it comes to setting up an ssh server. The solution for allowing bzr+ssh
access to a server without a full shell access is nowhere to be found. But it’s actually quite simple…
Just make sure the ~bzruser/.ssh/authorized_keys
entries are as follows :
command="bzr serve --inet --directory=/home/bzruser --allow-writes",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-dss AAAA[... rest of the key + comment ...]
Change the /home/bzruser
path to the path you want to restrict the access to. This changes the bzr+ssh
URLs to be relative to this path, thus shorter. To create a branch with the above access, use something like :
bzr push bzr+ssh://user@bzrserver.domain/my-test-branch
You’ll then see the /home/bzruser/my-test-branch/
directory created on the server.
Thanks for this information it was very useful in setting up a shared area for repository access without polluting the system with a large number of user accounts.
Also as the documentation is missing from the main bzr documentation, I have attempted to get this information added to the documents as an option for setting up a server. Hopefully that gets applied and can address the real issue of the documentation missing this information.