[prev in list] [next in list] [prev in thread] [next in thread]
List: darcs-users
Subject: Re: [darcs-users] darcs and SSH
From: zander () kde ! org
Date: 2005-03-02 8:04:23
Message-ID: 20050302080423.GB26937 () factotummedia ! nl
[Download RAW message or body]
On Tue, Mar 01, 2005 at 11:37:42PM +0000, Jamie Webb wrote:
> On Tue, Mar 01, 2005 at 08:30:46PM +0100, Philipp Kern wrote:
> > Dear list members,
> >
> > does anyone run darcs together with SSH in a secure way? As darcs uses
> > scp and sftp to pull and get patches over SSH from a repository I
> > thought that I could secure it with ``rssh'' which blocks everything
> > except scp/sftp access. The users' public keys are added to the
> > authorized_keys of the user account owning the repository. However, on
> > ``darcs push'' it tries to run ``darcs apply'' on the server, which
> > fails with this shell replacement.
> >
> > How could I work around this? My main intention is blocking direct
> > shell access to the box but allowing any file transfers and the use of
> > ``darcs''.
>
> I haven't tried this, but I see no reason why it can't be made to
> work. See the section 'authorized_keys format' in man sshd. Basically,
> you can specify a command against each public key, and allow only that
> command to be executed. I use this for remote backups.
>
> That works fine if you only have a single darcs repo, but you'll run
> into problems with more because darcs wants to pass the repodir on the
> command line, and sshd doesn't allow that. The workaround would be to
> write a couple of wrappers in perl or something that pass the repodir
> over stdin before handing over to darcs.
Sounds really interresting; if anyone gets this working please add it to
the wiki or sent it to me so I can do so.
Cheers!
--
Thomas Zander
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic