Issue 204 in svnbook: ch06: SSH Configuration Tricks clarification

[svnbook at googlecode.com]

Status: New
Owner: ----
Labels: Type-Enhancement Priority-Medium

New issue 204 by kubalik.... at gmail.com: ch06: SSH Configuration Tricks  
clarification
http://code.google.com/p/svnbook/issues/detail?id=204

Firstly, I have to thanks for really good and helpful documentation which  
is this book.

Anyway, there is a suggestion to the chapter 6, section SSH Configuration  
Tricks. During the first reading of this chapter it was difficult to  
understand where to put authorized keys with the command and what username  
is the client suppose to use.

There could be mentioned that it is the "svnuser/.ssh/authorized_keys" file  
where all the user's (harry and sally)'s public keys with commands are put.  
Therefore each user is using svnuser username in the svn+ssh url, i.e. svn  
co svn+ssh://svnuser@server/repository (example may be added as well).

 From the paragraph "A final word of caution" I had feeling that if you add  
the command="" field into the authorized_keys file, the same user is still  
able to connect through the ssh to the shell. The paragraph actually speaks  
about the harry's and sally's login, not the svnuser. The svnuser is  
actually connected to stdin/stdout of the svnserve command when he  
does "ssh svnuser at server". That could be also mentioned.

A good trick is also setting umask before svnserve is run if you do not  
want any user to have permission to access the repository filesystem  
structure. I don't know about any other way how to set the default svnuser  
umask as the .profile is not read when ssh session is started with this  
command:

command="umask 027; svnserve -t --tunnel-user=harry" TYPE1 KEY1  
harry at example.com

Regards

Jakub

-- 
You received this message because this project is configured to send all  
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings