I created an SSH server on my SUSE box; basically I just want it to serve as a git server using ssh. When I log in with ssh name@server I can look at my home/repo directory, which is normal, but I can even look at files from other users, such as home/steve, which I don't want. How do I set up the user repo to only have access to the git directory, say home/repo/repository.git, or just the files from /home/repo?

I've disabled "permit Root Login" from the Yast2-sshd configuration tool (basically just a tool to edit /etc/sshd/sshd_config), but it seems that's not enough.

user1051003
  • I would suggest you use gitolite (https://github.com/sitaramc/gitolite). Then your users don't need to have a login on the server. – giZm0 Aug 15 '12 at 10:12

2 Answers

If you set the user's shell to be git-shell, they can do nothing but run git commands.

If you don't need fine-grained permissions, then you don't need gitolite or similar.

AD7six

ssh is too powerful in that it allows for an interactive session.
As giZm0 mentions, gitolite is an authorization layer that can leverage the authentication provided by ssh and allows for a fine-grained level of access control over your repositories.
It is just a Perl script, which can set itself in the ~/.ssh/authorized_keys file in order to intercept any git command and validate it against a simple text config file.
This takes advantage of an ssh feature (nothing to do with git), called forced command.

Note: gitolite can also be linked with an httpd server: see "Why do you need Gitosis or Gitolite?" or "git on HTTP with gitolite and nginx" for more.

VonC
  • gitolite is easy to set up and flexible for permission issues. – Drake Guan Aug 15 '12 at 10:31
  • @Drake agreed, and since gitolite V3 or 'g3' and its VREF, you can control *a lot* of things: see http://stackoverflow.com/questions/11569263/git-hook-to-detect-file-changes-that-contain-a-certain-string/11573529#11573529 for instance. – VonC Aug 15 '12 at 10:39
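
The ssh forced-command mechanism mentioned in the second answer, as an added example that is not part of the original posts and is not gitolite's code: a small gate script that sshd runs in place of whatever the client requested, allowing only git transport commands on repositories under /home/repo. The script path /usr/local/bin/git-gate, the function name parse_git_request and the key material in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration (not gitolite): minimal forced-command gate for a git-only account.
# Hypothetical authorized_keys entry for the "repo" user (key is a placeholder):
#   restrict,command="/usr/local/bin/git-gate" ssh-ed25519 AAAA...placeholder alice@laptop
# sshd ignores the client's requested command, runs this script instead, and
# passes the original request in SSH_ORIGINAL_COMMAND.

REPO_BASE=/home/repo   # assumption: all repositories live below this directory

# parse_git_request CMD
# Prints "<verb> <absolute repo path>" and returns 0 when CMD is a git transport
# command for a repository under REPO_BASE; prints nothing and returns 1 otherwise.
parse_git_request() {
    cmd=$1
    verb=${cmd%% *}
    case "$verb" in
        git-upload-pack|git-receive-pack|git-upload-archive) ;;
        *) return 1 ;;                      # ls, scp, bash, ... are refused
    esac
    [ "$verb" != "$cmd" ] || return 1       # verb with no repository argument
    arg=${cmd#* }
    case "$arg" in                          # git clients send the path single-quoted
        \'*\') arg=${arg#\'}; arg=${arg%\'} ;;
        *) return 1 ;;
    esac
    arg=${arg#/}                            # ssh://host/x.git arrives as '/x.git'
    case "$arg" in                          # conservative charset, no traversal,
        *[!A-Za-z0-9._/-]*|*..*|-*|"") return 1 ;;   # no option-like names
    esac
    case "$arg" in
        ?*.git) ;;
        *) return 1 ;;
    esac
    printf '%s %s\n' "$verb" "$REPO_BASE/$arg"
}

# Entry point when invoked by sshd. An interactive login carries no
# SSH_ORIGINAL_COMMAND, so the script simply ends and no shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if req=$(parse_git_request "$SSH_ORIGINAL_COMMAND"); then
        exec "${req%% *}" "${req#* }"
    fi
    echo "git access to $REPO_BASE only" >&2
    exit 1
fi
```

The path check is textual only: a symlink inside /home/repo that points elsewhere would still be followed, so directory permissions on other users' homes remain the primary control.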