When configuring a Git server on Gentoo Linux (latest) with Git 1.7.5.3, setting the default shell for the git user to /usr/bin/git-shell results in the following error upon login:
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
The git-shell is a restricted login shell for Git-only SSH access. For security reasons, it prevents interactive shell access while allowing Git operations. The error appears when the shell attempts to check for interactive commands but finds the required directory structure missing.
Here's how to properly configure the git-shell environment:
# Create the required directory structure
sudo -u git mkdir -p /home/git/git-shell-commands
sudo -u git chmod 755 /home/git/git-shell-commands
# Verify the permissions
ls -ld /home/git/git-shell-commands
# Should show drwxr-xr-x
# Create a sample no-interactive command
echo 'echo "Git shell access is enabled"' | sudo -u git tee /home/git/git-shell-commands/no-interactive-login
sudo -u git chmod +x /home/git/git-shell-commands/no-interactive-login
After implementing the solution:
- Test SSH access:
ssh git@yourserver - The system should now display your custom message instead of the error
- Git operations should work normally:
git clone git@yourserver:repo.git
For more control over the git-shell environment, consider these additional configurations:
# Create a whitelist of allowed Git commands
sudo -u git mkdir -p /home/git/git-shell-commands/allowed-commands
sudo -u git touch /home/git/git-shell-commands/allowed-commands/{git-receive-pack,git-upload-pack,git-upload-archive}
This solution works with:
- Git versions 1.7.0 and above
- Most Linux distributions including Gentoo, Ubuntu, and CentOS
- Both password and SSH key authentication
When configuring a Git server, many administrators set /usr/bin/git-shell as the default shell for the git user to enhance security. However, recent Git versions (1.7.5.3 and later) enforce stricter requirements for interactive shell access.
The error occurs because:
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
This means Git now requires a specific directory structure for interactive shell access, even if you only intend to use SSH key-based access.
Here's how to properly set up git-shell:
# Create the required directory structure
sudo -u git mkdir /home/git/git-shell-commands
sudo -u git chmod 755 /home/git/git-shell-commands
# Optional: Add useful commands
sudo -u git tee /home/git/git-shell-commands/help <<'EOF'
#!/bin/sh
echo "Available commands:"
echo "help - show this help"
echo "list - list available repositories"
EOF
sudo -u git chmod +x /home/git/git-shell-commands/help
After setting up the directory:
# Check directory permissions
ls -ld /home/git/git-shell-commands
# Verify shell access
sudo -u git -s /usr/bin/git-shell
If you don't need interactive shell features at all, you can disable them completely by adding this to /etc/passwd:
git:x:1002:1004::/home/git:/usr/bin/git-shell --no-interactive-login
If you're running Git 1.7.5.3 or older, you might need to create a symlink:
sudo ln -s /usr/share/git-core/contrib/git-shell-commands /home/git/git-shell-commands
To ensure your setup matches your Git version:
git --version