info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cvs ext (ssh), but no shell access..


From: Mark D. Baushke
Subject: Re: cvs ext (ssh), but no shell access..
Date: Thu, 25 Sep 2003 01:09:00 -0700

address@hidden writes:

> Larry Jones wrote:
> > 
> > Wim Bertels writes:
> > >
> > > cvs is up and running, but by using the ext method users
> > > automatically gain shell access to the cvs server, this in NOT
> > > intended, how do you solve this.
> > 
> > You can configure sshd to only allow certain commands -- see the sshd
> > documentation for details.
> 
>    http://www.openbsd.org/cgi-bin/man.cgi?query=sshd
> 
> What sshd option are you refering to?  I looked in the docs, and could
> not find such a configuration parameter.  I would expect this man page
> is for the latest sshd, 3.7p1, or later. 

The possibilities are present in the documentation, but not listed
in a way that immediately comes to mind for their use.

There are three basic mechanisms you may use:

a) $HOME/.ssh/authorized_keys may contain the following option:

     command="command"
             Specifies that the command is executed whenever this key is used
             for authentication.  The command supplied by the user (if any) is
             ignored.  The command is run on a pty if the client requests a
             pty; otherwise it is run without a tty.  If an 8-bit clean chan-
             nel is required, one must not request a pty or should specify no-
             pty.  A quote may be included in the command by quoting it with a
             backslash.  This option might be useful to restrict certain pub-
             lic keys to perform just a specific operation.  An example might
             be a key that permits remote backups but nothing else.  Note that
             the client may specify TCP/IP and/or X11 forwarding unless they
             are explicitly prohibited.  Note that this option applies to
             shell, command or subsystem execution.

   where command could be set to be '/usr/bin/cvs' (or whatever).

   This mecanism is probably the most common. A web server or similar
   running on the cvs server box might let you submit an ssh public key
   to be used and it would setup the user account with the appropriate
   command= provided.

b) You could provide a restricted shell on the cvs machine which only
   provides for the running of the 'cvs server' command and any commands
   that you need to run in your commitinfo/verifyinfo/loginfo/taginfo
   scripts. Many different kinds of restricted shells exist, which one
   you choose will depend almost entirely on your environment and goals.

c) By forcing the /etc/ssh/rc to exec the '/usr/bin/cvs server' command
   for the user after always making usre the $HOME/.ssh/rc script is
   never allowed to exist... not really a very secure answer, but I have
   heard of folks using this appraoch...

There may be other mechanisms, but those are probably the most common.

        Good luck,
        -- Mark

Attachment: pgpDmAKdeELjj.pgp
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]