[prev in list] [next in list] [prev in thread] [next in thread] 

List:       darcs-users
Subject:    Re: [darcs-users] darcs and SSH
From:       zander () kde ! org
Date:       2005-03-02 8:04:23
Message-ID: 20050302080423.GB26937 () factotummedia ! nl
[Download RAW message or body]


On Tue, Mar 01, 2005 at 11:37:42PM +0000, Jamie Webb wrote:
> On Tue, Mar 01, 2005 at 08:30:46PM +0100, Philipp Kern wrote:
> > Dear list members,
> > 
> > does anyone run darcs together with SSH in a secure way? As darcs uses 
> > scp and sftp to pull and get patches over SSH from a repository I 
> > thought that I could secure it with ``rssh'' which blocks everything 
> > except scp/sftp access. The users' public keys are added to the 
> > authorized_keys of the user account owning the repository. However, on 
> > ``darcs push'' it tries to run ``darcs apply'' on the server, which 
> > fails with this shell replacement.
> > 
> > How could I work around this? My main intention is blocking direct 
> > shell access to the box but allowing any file transfers and the use of 
> > ``darcs''.
> 
> I haven't tried this, but I see no reason why it can't be made to
> work. See the section 'authorized_keys format' in man sshd. Basically,
> you can specify a command against each public key, and allow only that
> command to be executed. I use this for remote backups.
> 
> That works fine if you only have a single darcs repo, but you'll run
> into problems with more because darcs wants to pass the repodir on the
> command line, and sshd doesn't allow that.  The workaround would be to
> write a couple of wrappers in perl or something that pass the repodir
> over stdin before handing over to darcs.

Sounds really interresting; if anyone gets this working please add it to
the wiki or sent it to me so I can do so.
Cheers!

-- 
Thomas Zander

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]