subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
Date Mon, 25 Nov 2013 10:56:14 GMT
If you go to alternative SSH port, which is not that unusualy, write
and show them the restricted sshd_config to restrict access to only
that specified service for only that specified user. No password
logins, no normal shells, use the authorized_keys ForceCommand access
only for that alternative service.

On Mon, Nov 25, 2013 at 5:43 AM, Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> sbremal@hotmail.com wrote on Mon, Nov 25, 2013 at 10:24:16 +0000:
>> Correct, default SSH port is not open on the corporate firewall. I am
>> sure there are workarounds, however having contractual obligations not
>> sure I should try hard to be unorthodox.
>
> I still suggest that you try to run sshd.  If you can't convince them to
> open port 22, try to convince them to run sshd on port 1022.  That's not
> unorthodox, it's common practice for evading vulnerability scanners and
> root-login-attemptors.
>
> Daniel
>
>> SSH + SVN is my favourite and will stay with it as the primary access method. If
I could top it with HTTP access using the existing Unix authentication and authorization framework,
I would be more than happy. After all Unix works for tens of years, why to change it???
>>
>> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as the
authenticated user, wonder if it is possible, or has any inadvertent complications.
>>
>>
>> B.
>>
>> ----------------------------------------
>> > Date: Sat, 23 Nov 2013 01:07:16 +0200
>> > From: d.s@daniel.shahaf.name
>> > To: sbremal@hotmail.com
>> > CC: users@subversion.apache.org
>> > Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
>> >
>> > sbremal@hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
>> >> I am very happy with the SSH + 'svnserve' access to my repositories,
>> >> however due to firewall issues I need access through HTTP as well.
>> >> What I do not want is to set up a 2nd authentication / authorization
>> >> database.
>> >
>> > What are the "firewall issues", exactly? Why can't you use svn+ssh?
>> > Can you run sshd on port 80 (which would allow you to use svn+ssh
>> > without httpd at all)?
>> >
>> > Daniel

Mime
View raw message