subversion-users mailing list archives

From Ulf Seltmann <seltm...@digitalzone.de>
Subject Re: dav-svn in multihost environments, but safe
Date Mon, 26 Jul 2010 14:46:32 GMT
On 26.07.2010 13:27, Nico Kadel-Garcia wrote:
> The svnuser has its password locked and unusable, and its shell set
> to /sbin/nologin. The SSH clients have their public SSH keys set,
> ideally public keys used for this alone though that's hard to enforce,
> and the keys are used for the svnuser's "authorized_keys" file to run
> the svnserve command with the "--user" option. This is the typical
> syntax, from the Subversion book, with "TYPE1 KEY1" being copied from
> the SSH key for "harry".
>
>       command="svnserve -t --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty TYPE1 KEY1 harry@example.com

Ok, thanks for pointing me to the manual. So let me summarize:

1. One ssh account is needed.
2. Via public keys I can identify different users. One keypair is needed for each user, and the public key has to be in the authorized_keys file of the ssh account.
3. I can disable all different task models via the authorized_keys file but leave the ssh user as it is (for svn-unrelated jobs).
4. Fine-grained access restriction is possible via authz-db.

So, this is still a bunch of work, but seems doable

thanks so far

ciao
Ulf
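
An added example, not part of the original messages: a small audit of the shared account's authorized_keys file that reports any key lacking the forced `svnserve -t --tunnel-user=NAME` command or one of the four restriction options from the quoted entry. The key-type prefix test, the allowed characters in NAME and the sample keys are assumptions made for this sketch.

```python
import re

# Options from the quoted entry; compared in lower case.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # assumption: heuristic for "line has no options field"
FORCED = re.compile(r"^svnserve -t --tunnel-user=[A-Za-z0-9._-]+$")

def tokens(text, sep):
    """Split on sep characters (a regex class body) that are outside double quotes."""
    return re.findall(r'(?:"(?:\\.|[^"\\])*"|[^"%s])+' % sep, text)

def audit_line(line):
    """Return the list of problems for one key entry."""
    fields = tokens(line.strip(), r"\s")
    opts = [] if KEY_TYPE.match(fields[0]) else tokens(fields[0], ",")
    cmds = [o[9:-1] for o in opts if o.startswith('command="') and o.endswith('"')]
    problems = []
    if not cmds:
        problems.append("no forced command")
    elif not FORCED.match(cmds[0]):
        problems.append("forced command is not svnserve -t --tunnel-user=NAME")
    present = {o.lower() for o in opts}
    problems += ["missing " + name for name in sorted(REQUIRED - present)]
    return problems

def audit(text):
    """Map line number -> problems, skipping blank lines and comments."""
    checked = {n: audit_line(l) for n, l in enumerate(text.splitlines(), 1)
               if l.strip() and not l.lstrip().startswith("#")}
    return {n: p for n, p in checked.items() if p}

# Constructed sample input; the key material is fake.
SAMPLE = '''\
# shared svn account
command="svnserve -t --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3constructedKEY1 harry@example.com
command="svnserve -t --tunnel-user=sally",no-port-forwarding,no-pty ssh-ed25519 AAAAC3constructedKEY2 sally@example.com
ssh-ed25519 AAAAC3constructedKEY3 admin@example.com
command="svnserve -t",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAC3constructedKEY4 bob@example.com
'''

if __name__ == "__main__":
    for n, problems in audit(SAMPLE).items():
        print(n, "; ".join(problems))
```

If the account is also kept for svn-unrelated jobs, as in point 3 of the summary, its unrestricted keys will show up in this report and need to be reviewed individually.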
