-- markdown -- # subssh #


Author: Esa-Matti Suuronen <esa-matti aet suuronen dot org>

Subssh is a bare minimal shell for exposing minimal amount of commands for untrusted users. Eg. if you want to restrict users' access to svn- Mercurial- or/and git-repositories only.

## Features ##

  • Interactive shell.

  • Multiple users can use single account. - Users are distinguished by public SSH-keys in ~/.ssh/authorized_keys file. - Keys can be managed from the shell.

  • Easily extendable. [Example](

  • Version control management (Git, Mercurial and Subversion are supported). - Users can create, delete, fork and rename repositories. - Permissions management. Users can set who can read/write their


    • Repository publishing. Users can make their repositories public using some web interface (eg. gitweb, websvn). Not included. Subssh just makes symlinks to a configured repository when user decides to publish a repository

Subssh is inspired by [GitHub][h], [Gitosis][s], [YouSource (Verso)][y] and [CherryPy][c] (for the extension system).

[h]: [s]: [y]: [c]:

## Requirements ##

  • Should work with Python 2.4, 2.5 and 2.6. Mostly tested with 2.5.
  • OpenSSH server. Well, subssh can be run locally, but there's really no point doing that...
  • Git (for the Git app).
  • Mercurial (for the Mercurial app).
  • Subversion (for the Subversion app).

## Installing ##

No releases are made yet, but you can try installing from git-repository.

Since is there is only a development version available, usage of a Python [virtualenv][e] is highly recommended. In Debian based distros it can be found from python-virtualenv -package.

$ virtualenv subsshenv $ source subsshenv/bin/activate

If you have also [setuptools][t] installed you can install the tip (latest version in repository) with easy_install:

$ easy_install

Otherwise you can install it manually:

$ hg clone $ cd subssh $ python install

[e]: [t]:

## Usage ##

Just run subssh and type help.

### Usage over SSH ###

Add a public key with subssh-admin

$ subssh-admin --add-key desired_username ssh-rsa AAAmyekeyhere...

and login with that key.

## Example session ##

$ ssh> git-init myrepo Initialized empty Git repository in /home/subssh/repos/git/myrepo.git/

Created new repository 'myrepo'

Owners: me

  • = r

me = rw

Anonymous web view is disabled

Read/Write ssh://> git-set-permissions myfriend +rw myrepo> git-web-enable myrepo> git-info myrepo

Owners: me

  • = r

me = rw myfriend = rw

Anonymous web view is enabled

Read/Write ssh:// Anonymous read Web view>