|
From: | Ludger Fiege |
Subject: | Re: remote cvs access - recommendations |
Date: | Fri, 10 Oct 2003 09:00:34 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; ; MultiZilla v1.5.0.2f) Gecko/20030827 |
Eric Siegerman wrote:
On Wed, Oct 08, 2003 at 10:59:37AM -0700, address@hidden wrote:but in general, someone who accesses cvs [via SSH] has system access. not only can my co-developer do things like "cvs checkout" and "cvs commit", but he can also ssh into the machine and work at a remote shell. is there a way to give co-developers access to cvs WITHOUT giving them system level access?You can configure sshd to only allow one command, "cvs". I'm not sure how to do that, but it's been discussed here in the last few days, so check the list archives.
prepend the following commands to the respective entry in the authorized_key[2] file of the account on your cvs box (typically in ~/.ssh/):
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/cvs server" ssh-rsa YOUR_KEY_HERE
bye Ludger
[Prev in Thread] | Current Thread | [Next in Thread] |