[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: System username and :ext:/SSH

From: Mark Priest
Subject: Re: Re: System username and :ext:/SSH
Date: Sun, 16 Nov 2003 20:58:33 -0500


There must be at least one operating system user for you to use ext with ssh
because ssh is a remote login method.  The purpose of ssh is to allow a user
a remote login so it does not make sense to not have a user.

That being said, the ssh user account can be configured to have very limited
permissions.  The user's shell can be set to null in /etc/passwd and the
user can be restricted from an interactive login session and can even be
restricted to allow just a single command to be issued - namely cvs server
based on sshd configuration.  With all of this set up the remote user can't
do much other than execute cvs commands on the server.


----- Original Message ----- 
From: "Lazy Dumbness" <address@hidden>
To: "CVS-II Discussion Mailing List" <address@hidden>
Sent: Sunday, November 16, 2003 8:32 PM
Subject: Re: Re: System username and :ext:/SSH

> I also have a question.Maybe you have told about it but only I'm not
> understand. I want to know,via :ext:/SSH,weather a user must be and
> OS user?No matter how security the ssh is.I don't want give them
> the OS account.The /CVSROOT/passwd file, :pserver: give a way needn't
> system account but still can access the CVS repository.Is ssh also
> can do so? I'm afraid it can't,because I tried but failed.
> >[ On Sunday, November 16, 2003 at 11:22:41 (+0200), Stephen Biggs
wrote: ]
> >> Subject: System username and :ext:/SSH
> >>
> >> Is there a way to duplicate the behavior of the CVSROOT/passwd actions
> >> logging on with SSH?
> >>
> >> Specifically, if there is a system username alias in the passwd file,
> >> takes effect when logging on with a password.
> >>
> >> Is there a way to get that system username when accessing the
repository using
> >> SSH through :ext:?
> >
> >SSH is SSH.  It's a true remote job execution protocol with the ability
> >to enforce strong authentication and full Unix authorisation.  Every
> >SSH user is a real OS user.  I.e. SSH makes it possible to use a remote
> >CVS server with almost as much security as one would be able to achieve
> >if everyone had to do all their CVS work directly on the machine where
> >the CVS repository resides.  You don't need, or want, anything to do
> >with the flawed and totally insecure cvs-pserver functionality when
> >you're using SSH properly.
> >
> >-- 
> > Greg A. Woods
> >
> >+1 416 218-0098                  VE3TCP            RoboHack
> >Planix, Inc. <address@hidden>          Secrets of the Weird
> >
> >
> >_______________________________________________
> >Info-cvs mailing list
> >address@hidden
> >
> _______________________________________________
> Info-cvs mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]