Re: to stop commit

[Mark D. Baushke]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pierre Asselin <address@hidden> writes:

> Mark D. Baushke <address@hidden> wrote:
> 
> > Even at that, it is very easy to have anonymous
> > SSH access and that would be better than resorting to :pserver:.
> 
> Could you elaborate on the easy anonymous ssh ? 

Lots of folks are using it. A google search should find a number of
possible configurations including a chrooted system or a jail.

  http://www.openbsd.org/anoncvs.html
  http://reactor-core.org/howto-ssh-anoncvs.html

> The solutions I read about involved distributing a private key and
> assuming that the users would know what to do with it.

It is even easier than that, setup a anoncvs userid with a shells that
only runs the execl('/usr/bin/cvs', 'cvs', 'server', NULL) function and
that allows an empty password.

(You may also configure it to not allow scp or sftp.)

> Also, it wasn't clear to me that security would be much improved over
> :pserver:.

Security of sshd is much higher than security of cvs. The only
vulnerability will be that of the user/group you provide for the anoncvs
userid instead of the possibility of 'root' in most :pserver:
configurations.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFDBTnmCg7APGsDnFERAnJ8AKCYh4Bck0/roTOMa4cs99ZI7fQWZgCfZyTo
RLPbflgYVv+0JQGzDo3cHXM=
=gdra
-----END PGP SIGNATURE-----