Re: [Savannah-hackers-public] mercurial ssh access issues

[Sylvain Beucler]

Hi,

Yep, that's right?

The shell is configured using:
  our $sys_shell="/usr/local/bin/sv_membersh";
in /etc/savane/savane.conf.pl

(it's not easy to discover that given the current state of the
installation process, indeed)

-- 
Sylvain

On Thu, Apr 17, 2008 at 10:35:18PM +0200, Aleix Conchillo Flaqué wrote:
> I see. Now I understand what you meant in the previous mail, that is
> not use the "command=", but add hg-ssh in sv_membersh, is that right?
> I thought you said using "command=" was a good idea, my
> misunderstanding, sorry.
> 
> Where do you tell that the user shell is sv_membersh?
> 
> Thanks in advance,
> 
> Aleix
> 
> On Thu, Apr 17, 2008 at 10:12 PM, Sylvain Beucler <address@hidden> wrote:
> > Hi,
> >
> >  I don't think it's interesting to use "command=" from .ssh/authorized;
> >  sv_membersh is doing this job at the shell level (that is, the users'
> >  shell is /usr/local/bin/sv_membersh instead of /bin/bash). This works
> >  in other contexts than SSH.
> >
> >  Note that what you allow in "command=" is also subject to shell
> >  restrictions (that is, to sv_membersh's filters).
> >
> >  --
> >  Sylvain
> >
> >
> >
> >  On Thu, Apr 17, 2008 at 09:06:38AM +0200, Aleix Conchillo Flaqué wrote:
> >  > On Tue, Apr 15, 2008 at 9:10 PM, Sylvain Beucler <address@hidden> wrote:
> >  > > Hi,
> >  > >
> >  > >  Good idea. Try to see if you can modify backend/account/sv_membersh.in
> >  > >  in this regard.
> >  > >
> >  > >  "cd /srv/hg/project" is a good idea, it permits to avoid the /srv/hg
> >  > >  path. Too bad I didn't think of this for SVN and Git at Savannah ;)
> >  > >
> >  >
> >  > I have added automatic authorized_keys command modification in this 
> > commit:
> >  >
> >  > 
> > http://github.com/aleix/savane-cleanup/commit/0062cd754fcde31519e7460d0058266df31b04e7
> >  >
> >  > I have modified sv_users.in instead of sv_membersh.in, because there
> >  > where the UserAddSSHKey calls are found. I have added and extra
> >  > argument for the ssh command to execute. It can be empty and only the
> >  > key will be saved (as before).
> >  >
> >  > I have added a new file sv_ssh_access.in that only executes
> >  > SSH_ORIGINAL_COMMAND (seems to work fine).
> >  >
> >  > I have also solved an issue when adding ssh keys. It seems that NULL
> >  > (i.e. when user has no ssh keys) were returned as 0, and the current
> >  > checks did not handle it, so the authorized_keys file was created with
> >  > a 0.
> >  >
> >  > May be an extra configuration file would be better, indicating whether
> >  > to use authorized_keys command or not. Or we could leave it like that
> >  > and add a configuration file (when needed) for the sv_ssh_access
> >  > script.
> >  >
> >  > And other thing I've seen, is that tabs are used. Is this the default?
> >  > I'd rather use spaces as as tabs are not very friendly (diffs,
> >  > printing, different tab settings, etc.).
> >  >
> >  > Any comments would be welcome.
> >