NAME

       gotsh — Game of Trees Shell

SYNOPSIS

       gotsh -c ‘git-receive-pack repository-path’ gotsh -c ‘git-upload-pack repository-path’

DESCRIPTION

       gotsh  is the network-facing interface to gotd(8).  It implements the server-side part of the Git network
       protocol used by git(1) and got(1).

       gotsh is not an interactive shell.  gotsh is intended  to  be  configured  as  the  login  shell  of  Git
       repository user accounts on servers running gotd(8).  If users require a different login shell, gotsh can
       be  installed  in  the  command  search  path  under  the  names git-receive-pack and git-upload-pack, or
       gitwrapper(1) can be used to select the appropriate command to run automatically.

       The users can then interact with gotd(8) over the network.  When users invoke commands such as  got  send
       and  got  fetch on client machines, got(1) will connect to the server with ssh(1).  gotsh will facilitate
       communication between gotd(8) running on the server machine and the got(1) or git(1) program  running  on
       the client machine.

       Users  running  gotsh  should  not have access to Git repositories by means other than accessing the unix
       socket of gotd(8) via gotsh.

       It is recommended to restrict ssh(1) features available to users of gotsh.  See  the  “EXAMPLES”  section
       for details.

ENVIRONMENT

       GOTD_UNIX_SOCKET  Set  the  path to the unix socket which gotd(8) is listening on.  If not specified, the
                         default path /var/run/gotd.sock will be used.

EXAMPLES

       sshd_config(5) directives such as the following are recommended to protect the  server  machine  and  any
       systems reachable from it, especially if anonymous users are allowed to connect:

             Match User developer
                 DisableForwarding yes
                 PermitTTY no

       It can be convenient to add all relevant users to a common group, such as “developers”, and then use this
       group as the Match criteria:

             Match Group developers
                 DisableForwarding yes
                 PermitTTY no

       Anonymous  users  can  be  given  public read-only access by using a gotd.conf(5) access rule such as the
       following:

             repository "public" {
                     path "/var/git/public.git"
                     permit ro anonymous
             }

       The anonymous user account should have a publicly known password, or can be set up with an empty password
       in which case the user's vipw(8) entry would look similar to this example:

       anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh

       Use of an empty password must be explicitly allowed in sshd_config(5):

             Match User anonymous
                 PasswordAuthentication yes
                 PermitEmptyPasswords yes
                 DisableForwarding yes
                 PermitTTY no

SEE ALSO

       gitwrapper(1), got(1), ssh(1), gotd.conf(5), sshd_config(5), gotd(8)

AUTHORS

       Stefan Sperling <stsp@openbsd.org>

Debian                                             $Mdocdate$                                           GOTSH(1)