SSH to Git Server for Openruko - Similar to heroku's SSH server
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Gitmouth - SSH-to-Git Server for Openruko


gitmouth is a small SSH server written in Python using the Twisted engine framework to handle git push and pull commands users make to manage their remote git repositories. It authenticates the user by matching their public key fingerprint against the API server database, then asks the API server to provision a dyno (a virtualization container) with the respective git repository mounted, finally it connects to this dyno over an SSH-like protocol and runs the git-receive-pack or git- upload-pack command, which in turn will execute the buildpack via git hooks.

For those not familiar with Heroku infrastructure, as buildpacks can contain potentially dangerous code the git command has to run inside an isolated dyno too, hence gitmouth is simply a bridge from the ssh transport to where the git commands run inside a dyno, authenticating and authorizing the request in the pipeline.


Tested on Linux 3.2 using Python 2.7.3.

On a fresh Ubuntu 12.04 LTS instance:

$ apt-get install python python-dev
$ apt-get install python-virtualenv

Please share experiences with CentOS, Fedora, OS X, FreeBSD etc... I am fairly confident it will not work on Windows based machines however.


Ensure virtualenv is installed then:

# Getting the code
$ git clone gitmouth
$ cd gitmouth
# Isolating and installing dependencies
$ make init
# Setting up temporary openssl certs
$ make certs

Environment Variables

gitmouth will check for the presence of several environment variables, these must be configured as part of the process start - e.g. configured in supervisord or as part of boot script see ./gitmouth/bin/gitmouth

  • APISERVER_KEY - special key to authenticate with API server. Example: APISERVER_KEY=abcdef-342131-123123123-asdasd


$ cat > .env << EOF
PYTHONUNBUFFERED=true  # to avoid buffering logs
$ foreman start

Help and Todo

My Python is a little rusty especially in the areas of pythonic practices, feel free to contribute improvements and share thoughts.

  • Pass SIGTERM, SIGKILL through to dyno

  • Flow control using SIGCONT/SIGSTOP

  • Max timeout Kill the event chain after X minutes

  • Brute force attacks - Limit connections by user/IP

  • Locking - only one concurrent commit per repository


gitmouth and other openruko components are licensed under MIT.

Authors and Credits

Matt Freeman email me - im looking for some remote work follow me on twitter