table of contents
| GOTSH(1) | General Commands Manual | GOTSH(1) |
NAME¶
gotsh — Game of
Trees Shell
SYNOPSIS¶
gotsh |
gotsh |
gotsh |
DESCRIPTION¶
gotsh is the network-facing interface to
gotd(8). It implements the server-side part of the Git
network protocol used by git(1) and
got(1).
gotsh is not an interactive shell.
gotsh is intended to be configured as the login
shell of Git repository user accounts on servers running
gotd(8). If users require a different login shell,
gotsh can be installed in the command search path
under the names git-receive-pack and
git-upload-pack, or gitwrapper(1)
can be used to select the appropriate command to run automatically.
The users can then interact with gotd(8) over
the network. When users invoke commands such as got
send and got fetch on client machines,
got(1) will connect to the server with
ssh(1). gotsh will facilitate
communication between gotd(8) running on the server
machine and the got(1) or git(1) program
running on the client machine.
Users running gotsh should not have access
to Git repositories by means other than accessing the unix socket of
gotd(8) via gotsh.
The weblogin command provides user
authentication for gotwebd(8).
gotsh will connect to gotwebd(8)
and obtain a login URL which allows browsing private repositories the user
has been granted read access to in gotwebd.conf(5). If
multiple servers are declared in gotwebd.conf(5) the
hostname parameter is required and indicates the
desired virtual host to use in the URL. If no hostname
is specified and only one server is declared in
gotwebd.conf(5) then the name of this server will be used
in the URL.
It is recommended to restrict ssh(1) features
available to users of gotsh. See the
EXAMPLES section for details.
ENVIRONMENT¶
GOTD_UNIX_SOCKET- Set the path to the unix socket which gotd(8) is listening on. If not specified, the default path /var/run/gotd.sock will be used.
EXAMPLES¶
sshd_config(5) directives such as the following are recommended to protect the server machine and any systems reachable from it, especially if anonymous users are allowed to connect:
Match User developer
DisableForwarding yes
PermitTTY no
It can be convenient to add all relevant users to a common group, such as “developers”, and then use this group as the Match criteria:
Match Group developers
DisableForwarding yes
PermitTTY no
Anonymous users can be given public read-only access by using a gotd.conf(5) access rule such as the following:
repository "public" {
path "/var/git/public.git"
permit ro anonymous
}
The anonymous user account should have a publicly known password, or can be set up with an empty password in which case the user's vipw(8) entry would look similar to this example:
anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh
Use of an empty password must be explicitly allowed in sshd_config(5):
Match User anonymous
PasswordAuthentication yes
PermitEmptyPasswords yes
DisableForwarding yes
PermitTTY no
Obtain a gotwebd(8) login URL for got.example.com:
$ ssh got.example.com weblogin
If the web server at got.example.com serves virtual hosts then two hostnames must be provided. One for ssh(1) to connect to, and another to identify the virtual host served by gotwebd(8):
$ ssh got.example.com weblogin got.example.com
In practice both hostnames will often be the same, but this is not guaranteed. There is no reliable way determine the desired virtual host automatically. An ssh_config(5) entry like the following can save some typing:
Host weblogin Hostname got.example.com RemoteCommand weblogin %h
The following command is now equivalent to the above:
$ ssh weblogin
SEE ALSO¶
gitwrapper(1), got(1), ssh(1), gotd.conf(5), gotwebd.conf(5), sshd_config(5), gotd(8), gotwebd(8)
AUTHORS¶
Stefan Sperling <stsp@openbsd.org>
| October 1, 2025 | Debian |