diff --git a/README.md b/README.md index 0192a3d..3fcc56f 100644 --- a/README.md +++ b/README.md 
@@ -149,7 +149,7 @@ Looking for a way to manage pull requests for your repositories? git-simpleserve # How it works -Normally when logging in into a remote server via `ssh`, you'll get an interactive shell (most likely a `bash`). That's where you type in your fancy commands. Linux let's you define a custom shell to use (see `man chsh`). Instead of `bash`, you can for example define any script (`bash`, `sh`, `python`, ..) as your shell. Upon successful login, this script is executed and can control which commands you are allowed to run and which not. +Normally when logging in into a remote server via `ssh`, you'll get an interactive shell (most likely a `bash`). That's where you type in your fancy commands. Linux lets you define a custom shell to use (see `man chsh`). Instead of `bash`, you can for example define any script (`bash`, `sh`, `python`, ..) as your shell. Upon successful login, this script is executed and can control which commands you are allowed to run and which not. If `git-simpleserver` is set up on your server and you successfully authenticated as user `git` using your ssh key, a [special shell](./server/shell) is launched. This shell only allows you to run a small number of commands, dedicated to managing your Git repos and Git users. Now you're logged in as user `git`, but how does `git-simpleserver`'s user management work then? Well, that's another cool feature of OpenSSH: For each public key in `authorized_keys` you can define custom env vars which get set when this public key is used to log in. `git-simpleserver` connects a `GIT_USER` environment variable to each public key. Think of `GIT_USER` as a virtual user name, similar, but still different to the ssh user (`git`). Using `GIT_USER` we know who has logged in and can restrict read and write permissions. No one can access your repos, unless you explicitly granted permissions to that person via `git ss user add` or the `.ssh/authorized_keys` file.
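Review bot: The changed `+` line still opens with "when logging in into a remote server"; since this line is already being touched for the "let's" to "lets" fix, change it to "when logging in to a remote server" in the same commit. The end of the same line, "which commands you are allowed to run and which not", would read better as "which commands you are allowed to run and which you are not". Separately, the unchanged paragraph after it bases all read and write permissions on `GIT_USER` being tied to a public key in `authorized_keys`. Because that variable is the only identity the restricted shell sees, it would be worth a follow-up sentence in this section stating whether a connecting client can influence `GIT_USER` in any other way.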