commit - afe4b8089ddc1958d7cac842c90a5651dbfab4b1
commit + 414c3236cf1d6213d1377c0691908380c6761bc2
blob - 8e552939759f9d99f850f531a4a7041b8aaa2956
blob + 31b832c10983c3262cc2a110a8f259513541fd34
--- gotsh/gotsh.1
+++ gotsh/gotsh.1
machine and any systems reachable from it, especially if anonymous users
are allowed to connect:
.Bd -literal -offset indent
-Match User anonymous
+Match User developer
DisableForwarding yes
PermitTTY no
.Ed
DisableForwarding yes
PermitTTY no
.Ed
+.Pp
+Anonymous users can be given public read-only access by using a
+.Xr gotd.conf 5
+access rule such as the following:
+.Bd -literal -offset indent
+repository "public" {
+ path "/var/git/public.git"
+ permit ro anonymous
+}
+.Ed
+.Pp
+The anonymous user account should have a publicly known password, or can be
+set up with an empty password in which case the user's
+.Xr vipw 8
+entry would look similar to this example:
+.Bd -literal
+anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh
+.Ed
+.Pp
+Use of an empty password must be explicitly allowed in
+.Xr sshd_config 5 :
+.Bd -literal -offset indent
+Match User anonymous
+ PasswordAuthentication yes
+ PermitEmptyPasswords yes
+ DisableForwarding yes
+ PermitTTY no
+.Ed
.Sh SEE ALSO
.Xr got 1 ,
.Xr ssh 1 ,