[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS over SSH
|
From: |
D. J. Hagberg |
|
Subject: |
Re: CVS over SSH |
|
Date: |
Tue, 7 Sep 2004 10:40:44 -0600 (MDT) |
|
User-agent: |
SquirrelMail/1.4.2 |
You have a couple options to restrict what your users can do over
an ssh connection:
1) Use command="cvs server" associated with their public key.
Unfortunately, this means the repository manager needs to manage
public keys for all users.
2) Use rssh as their shell -- http://www.pizzashack.org/rssh/index.shtml
which has a simple way to restrict the actions users can perform
over their ssh connection. Supports scp/sftp/cvs/rsync w/no real
shell access.
3) On Solaris, you can do a very similar thing with RBAC, setting up
a profile/permissions/etc. and setting the user's shell to pfsh.
In addition, you can do any of the above setups in a chroot environment
if you really want to lock down what's accessible on the host. There
are other emails to this list that had links to running cvs-over-ssh
in a chroot environment. I belive sourceforge does some combination
of chroot and something like rssh.
You could, also, find more trustworthy developers ... :-)
address@hidden wrote:
> But doesn't is leads to 'shell access' to the user? I do not want to
> allow direct console access but only cvs access. Similar to what
> SourceForge has.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: CVS over SSH,
D. J. Hagberg <=