PHWinfo - Afficher un message

30/09/2006, 15h32

Pascal Bourguignon wrote:

> Sylvain Ferriol <sferriol@imag.fr> writes:
> > i want to reduce ssh login only for svn and cvs
> > how should i config sshd ?
>
> sshd can be configured to accept incoming sessions only for users in
> certain groups.
>
> But users in these groups would be allowed to use ssh for anything
> else than cvs or svn too.
>
> So what you can do is to create alternate user accounts, with as login
> shell some restricted shell that allows them only to use cvs (or svn).
>
> Have a look at: http://www.informatimago.com/linux/c...d-ssh-cvs.html

You can also review the Subversion documentation and its notes on
setting up SSH authorized keys to *only* permit certain operations, by
limiting the command line options of that key. This is often used with
the SSH+svnserve setup.

Alternatively, Subversion permits HTTPS based access, but the UNIX
clients tend to store the user password locally in clear text: I
consider that a huge security misbehavior, and recommend the SSH based
access for exactly this reason.

CVS, I'd suggest you throw out immediately and switch over to
Subversion, if at all possible.

30/09/2006, 15h32	#3
Nico Messages: n/a Hébergeur:	Re: ssh only for cvs and svn Pascal Bourguignon wrote: > Sylvain Ferriol <sferriol@imag.fr> writes: > > i want to reduce ssh login only for svn and cvs > > how should i config sshd ? > > sshd can be configured to accept incoming sessions only for users in > certain groups. > > But users in these groups would be allowed to use ssh for anything > else than cvs or svn too. > > So what you can do is to create alternate user accounts, with as login > shell some restricted shell that allows them only to use cvs (or svn). > > Have a look at: http://www.informatimago.com/linux/c...d-ssh-cvs.html You can also review the Subversion documentation and its notes on setting up SSH authorized keys to only permit certain operations, by limiting the command line options of that key. This is often used with the SSH+svnserve setup. Alternatively, Subversion permits HTTPS based access, but the UNIX clients tend to store the user password locally in clear text: I consider that a huge security misbehavior, and recommend the SSH based access for exactly this reason. CVS, I'd suggest you throw out immediately and switch over to Subversion, if at all possible.