ARTICLE AD BOX
I have a bare git on a remote server (no github or other type of managed git; just a git).
I created a ssh "git" user, with restricted perm and only git-shell access.
I intend to manually allow several users by configuring several public keys in authorized_keys.
Now, my git has a post-receive hook, which is a php script deploying the pushed version into a dev folder (under other tasks).
In this php script, I could also imagine deploying code into production when pushing specific branch or tag, but I would need to know which public key is currently connected (not everybody can do anything!).
I tryed exec('whoami'), but it doesn't help, all public keys result in the same "git" ssh user connected.
I read here (https://stackoverflow.com/a/23306926/3872061) that it's not possible to get which public key was used for the current ssh connection.
I finally realised I could set an environment myself in authorised_keys command: command="export CURR_USER=\"JohnDoe\" && git-shell -c \"$SSH_ORIGINAL_COMMAND\""
Before I get further this way:
- is there a better way? An already existing variable which I could rely upon? A system command?
- is this solution safe or am I opening a door to any kind of security risk?
- if several persons connect at the same time with different public keys on same "git" ssh user, will each one have "his" own id in "his" own environment variable, or will the last connected one overwrite the environment variable for all of them?
