Issue 204 in svnbook: ch06: SSH Configuration Tricks clarification
svnbook at googlecode.com
Tue Oct 15 01:57:03 CDT 2013
Status: New
Owner: ----
Labels: Type-Enhancement Priority-Medium
New issue 204 by kubalik.... at gmail.com: ch06: SSH Configuration Tricks
clarification
http://code.google.com/p/svnbook/issues/detail?id=204
Firstly, I have to thank you for the really good and helpful documentation
that this book is.
Anyway, here is a suggestion for chapter 6, section SSH Configuration
Tricks. During the first reading of this chapter it was difficult to
understand where to put the authorized keys with the command and what
username the client is supposed to use.
It could be mentioned that it is the "svnuser/.ssh/authorized_keys" file
where all the users' (harry's and sally's) public keys with commands are
put. Therefore each user uses the svnuser username in the svn+ssh URL,
i.e. svn co svn+ssh://svnuser@server/repository (an example may be added
as well).
From the paragraph "A final word of caution" I had the feeling that if you
add the command="" field to the authorized_keys file, the same user is
still able to connect through ssh to the shell. The paragraph actually
speaks about harry's and sally's logins, not svnuser's. The svnuser is
actually connected to the stdin/stdout of the svnserve command when he
does "ssh svnuser@server". That could also be mentioned.
A good trick is also setting the umask before svnserve is run if you do
not want any user to have permission to access the repository filesystem
structure. I don't know of any other way to set the default svnuser
umask, as the .profile is not read when the ssh session is started with
this command:
command="umask 027; svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry@example.com
Regards
Jakub
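
The layout described in the message above (one shared svnuser account, one forced svnserve command per key, a umask set ahead of it) can be checked mechanically. The following is an added example, not part of the original message or of the Subversion book; the function names, finding texts and sample key lines are constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # OpenSSH key-type prefixes

def split_options(line):
    """Return (options, rest); the options field may contain quoted spaces."""
    if line.startswith(KEY_TYPES):
        return "", line                      # entry has no options field
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 2                           # skip an escaped character
            continue
        if c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def audit_line(line):
    """Return (tunnel_user, findings) for one authorized_keys entry."""
    opts, _ = split_options(line)
    m = re.search(r'command="((?:[^"\\]|\\.)*)"', opts)
    if not m:
        return None, ["no forced command: this key opens a shell as the shared account"]
    cmd, findings = m.group(1), []
    user = re.search(r"--tunnel-user=(\S+)", cmd)
    if not re.search(r"\bsvnserve\s+-t\b", cmd):
        findings.append("forced command does not run svnserve -t")
    if not user:
        findings.append("no --tunnel-user: commits are attributed to the shared account")
    if not re.search(r"\bumask\s+[0-7]{3,4}\s*;", cmd):
        findings.append("no umask set before svnserve")
    return (user.group(1) if user else None), findings

def audit(text):
    # Returns a list of (line_number, tunnel_user, findings), skipping comments.
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            out.append((n, *audit_line(line)))
    return out

# Constructed sample for ~svnuser/.ssh/authorized_keys (key blobs are fake).
SAMPLE = """\
command="umask 027; svnserve -t --tunnel-user=harry" ssh-ed25519 AAAAC3FAKEKEY1 harry@example.com
command="svnserve -t --tunnel-user=sally" ssh-ed25519 AAAAC3FAKEKEY2 sally@example.com
ssh-rsa AAAAB3FAKEKEY3 admin@example.com
"""
```

Calling `audit(SAMPLE)` reports harry's entry as clean, sally's as missing the umask, and the third key as one that would give its holder an interactive shell as svnuser.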