savannah-hackers-public

Re: [Savannah-hackers-public] mercurial ssh access issues


From: Aleix Conchillo Flaqué
Subject: Re: [Savannah-hackers-public] mercurial ssh access issues
Date: Thu, 17 Apr 2008 22:35:18 +0200

I see. Now I understand what you meant in the previous mail, that is,
not to use "command=", but to add hg-ssh in sv_membersh, is that right?
I thought you said using "command=" was a good idea, my
misunderstanding, sorry.

Where do you tell that the user shell is sv_membersh?

Thanks in advance,

Aleix

On Thu, Apr 17, 2008 at 10:12 PM, Sylvain Beucler <address@hidden> wrote:
> Hi,
>
>  I don't think it's interesting to use "command=" from .ssh/authorized;
>  sv_membersh is doing this job at the shell level (that is, the users'
>  shell is /usr/local/bin/sv_membersh instead of /bin/bash). This works
>  in other contexts than SSH.
>
>  Note that what you allow in "command=" is also subject to shell
>  restrictions (that is, to sv_membersh's filters).
>
>  --
>  Sylvain
>
>
>
>  On Thu, Apr 17, 2008 at 09:06:38AM +0200, Aleix Conchillo Flaqué wrote:
>  > On Tue, Apr 15, 2008 at 9:10 PM, Sylvain Beucler <address@hidden> wrote:
>  > > Hi,
>  > >
>  > >  Good idea. Try to see if you can modify backend/account/sv_membersh.in
>  > >  in this regard.
>  > >
>  > >  "cd /srv/hg/project" is a good idea, it makes it possible to avoid the /srv/hg
>  > >  path. Too bad I didn't think of this for SVN and Git at Savannah ;)
>  > >
>  >
>  > I have added automatic authorized_keys command modification in this commit:
>  >
>  > http://github.com/aleix/savane-cleanup/commit/0062cd754fcde31519e7460d0058266df31b04e7
>  >
>  > I have modified sv_users.in instead of sv_membersh.in, because that is
>  > where the UserAddSSHKey calls are found. I have added an extra
>  > argument for the ssh command to execute. It can be empty and only the
>  > key will be saved (as before).
>  >
>  > I have added a new file sv_ssh_access.in that only executes
>  > SSH_ORIGINAL_COMMAND (seems to work fine).
>  >
>  > I have also solved an issue when adding ssh keys. It seems that NULL
>  > (i.e. when user has no ssh keys) was returned as 0, and the current
>  > checks did not handle it, so the authorized_keys file was created with
>  > a 0.
>  >
>  > Maybe an extra configuration file would be better, indicating whether
>  > to use authorized_keys command or not. Or we could leave it like that
>  > and add a configuration file (when needed) for the sv_ssh_access
>  > script.
>  >
>  > Another thing I've seen is that tabs are used. Is this the default?
>  > I'd rather use spaces as tabs are not very friendly (diffs,
>  > printing, different tab settings, etc.).
>  >
>  > Any comments would be welcome.
>
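
The thread discusses a forced command in authorized_keys that receives the client's request in SSH_ORIGINAL_COMMAND. As an added example (not code from this thread or from Savane), here is a forced-command wrapper that checks that request against a single allowed Mercurial invocation, confined to one project directory under /srv/hg, before executing it. The function names and the project name passed as an argument on the "command=" line are assumptions.

```python
import os
import shlex
import sys

HG_ROOT = "/srv/hg"  # repository root named in the thread


class Rejected(Exception):
    """Raised when the client-supplied command is not the one allowed form."""


def allowed_argv(original_command, project, root=HG_ROOT):
    """Return the argv to exec for SSH_ORIGINAL_COMMAND, or raise Rejected.

    Only `hg -R <repo> serve --stdio` is accepted, and <repo> must stay
    inside the directory of `project` under `root`. `project` is assumed to
    come from the server-written command= line, never from the client.
    """
    try:
        argv = shlex.split(original_command or "")
    except ValueError as exc:  # e.g. unbalanced quotes
        raise Rejected(f"unparsable command: {exc}")
    if len(argv) != 5 or argv[:2] != ["hg", "-R"] or argv[3:] != ["serve", "--stdio"]:
        raise Rejected("only 'hg -R <repo> serve --stdio' is allowed")
    project_dir = os.path.join(root, project)
    # Interpret <repo> relative to the project directory and collapse "..".
    # normpath is lexical only: symlinks inside the project are not resolved.
    repo = os.path.normpath(os.path.join(project_dir, argv[2]))
    if repo != project_dir and not repo.startswith(project_dir + os.sep):
        raise Rejected(f"repository outside {project_dir}")
    # An argv list is returned and no shell is involved, so shell
    # metacharacters in the request are never interpreted.
    return ["hg", "-R", repo, "serve", "--stdio"]


def main():
    try:
        argv = allowed_argv(os.environ.get("SSH_ORIGINAL_COMMAND"), sys.argv[1])
    except (Rejected, IndexError) as exc:
        sys.exit(f"access denied: {exc}")
    os.execvp(argv[0], argv)


if __name__ == "__main__":
    main()
```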
