[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS over SSH

From: D. J. Hagberg
Subject: Re: CVS over SSH
Date: Tue, 7 Sep 2004 10:40:44 -0600 (MDT)
User-agent: SquirrelMail/1.4.2

You have a couple options to restrict what your users can do over
an ssh connection:

1) Use command="cvs server" associated with their public key.
Unfortunately, this means the repository manager needs to manage
public keys for all users.

2) Use rssh as their shell --
which has a simple way to restrict the actions users can perform
over their ssh connection.  Supports scp/sftp/cvs/rsync w/no real
shell access.

3) On Solaris, you can do a very similar thing with RBAC, setting up
a profile/permissions/etc. and setting the user's shell to pfsh.

In addition, you can do any of the above setups in a chroot environment
if you really want to lock down what's accessible on the host.  There
are other emails to this list that had links to running cvs-over-ssh
in a chroot environment.  I belive sourceforge does some combination
of chroot and something like rssh.

You could, also, find more trustworthy developers ... :-)

address@hidden wrote:
> But doesn't is leads to 'shell access' to the user? I do not want to
> allow direct console access but only cvs access. Similar to what
> SourceForge has.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]