A common problem is that Linux/Unix system administrators want to grant users access to SVN repositories, but prevent them from logging in on the shell. This can be accomplished quite easily.
First, disable the user’s account by running:
usermod --lock [user]
This way, only public key authentication is allowed. Then, when adding the user’s key to the ~/.ssh/authorized_keys file, prefix it with this:
command="/usr/local/bin/svnserve -t",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding
I used our wrapper script in /usr/local/bin as the command, because it sets an umask of 002 before actually running svnserve. This is necessary when using svn+ssh access.
The source for this trick explains it in more detail.
Recent Comments