bug-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS and SSH - $LOGNAME environment variable


From: Steven Queen
Subject: CVS and SSH - $LOGNAME environment variable
Date: Wed, 13 Aug 2003 15:35:33 -0400
User-agent: Mozilla/5.0 (X11; U; IRIX64 IP30; en-US; rv:1.3) Gecko/20030327

I have been using CVS in conjunction with an anonymous SSH account for about 6 month's now in a configuration that requires a small modification to the source code. Specifically, I wanted a single account on the CVS server through which all of the developers could access the repository -- but using SSH for maximum security.

The technique I used is described in detail in the O'Reilly book,
"SSH The Secure Shell: The Definitive Guide" by Barrett and Silverman, on p. 309, section 8.2.6.1. The method establishes a single public CVS
login account with a restricted login shell that can only run CVS. The
only method of login into this account is via SSH, and it uses the ability of OpenSSH to set a users environment variables (e.g. $LOGNAME) based on the specific public key the use to gain access to the account. The reason for setting the LOGNAME of the user is so that CVS submittals are attributed to the correct developer, not solely with the public access account. This scheme is straight out of the SSH text mentioned -- only it didn't work with CVS 1.1.14, when I tried it.

The solution was a modification of the source code file subr.c. I have
attached the (not very elegant) patch I applied to that file.

If this is something that should be incorporated into CVS, perhaps as a build option, please let me know and I can provide more details.

Thanks for a wonderful produce.
--
_______________________________________________

   Steven.Z.Queen@nasa.gov
   NASA, Goddard Space Flight Center
   Flight Dynamics Analysis Branch, Code 572
   V:(301) 286-0988  F:(301) 286-0369
_______________________________________________
368a369,383
>     
>     /* I added the following bogus if-structure for the    *
>      * public server/ssh name resolution -  S.Queen 4/3/03 *
>      * ----------------------------------------------------*/
>     if (1) {
> 
>        char *name;
> 
>        name = getenv("LOGNAME");
>        cache = xstrdup (name);
>        fprintf(stderr,"New code!\n");
>        return cache;
>     }
>     /* ----------------------------------------------------*/
> 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]