[darcs-users] darcs and SSH

Jamie Webb j at jmawebb.cjb.net
Tue Mar 1 23:37:42 UTC 2005

On Tue, Mar 01, 2005 at 08:30:46PM +0100, Philipp Kern wrote:
> Dear list members,
> does anyone run darcs together with SSH in a secure way? As darcs uses 
> scp and sftp to pull and get patches over SSH from a repository I 
> thought that I could secure it with ``rssh'' which blocks everything 
> except scp/sftp access. The users' public keys are added to the 
> authorized_keys of the user account owning the repository. However, on 
> ``darcs push'' it tries to run ``darcs apply'' on the server, which 
> fails with this shell replacement.
> How could I work around this? My main intention is blocking direct 
> shell access to the box but allowing any file transfers and the use of 
> ``darcs''.

I haven't tried this, but I see no reason why it can't be made to
work. See the section 'authorized_keys format' in man sshd. Basically,
you can specify a command against each public key, and allow only that
command to be executed. I use this for remote backups.

That works fine if you only have a single darcs repo, but you'll run
into problems with more because darcs wants to pass the repodir on the
command line, and sshd doesn't allow that.  The workaround would be to
write a couple of wrappers in perl or something that pass the repodir
over stdin before handing over to darcs.


-- Jamie Webb
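
Added example, not part of the original message: a forced-command wrapper for the per-key command= restriction in authorized_keys discussed above. It relies on the SSH_ORIGINAL_COMMAND environment variable that sshd sets when a forced command runs; the script path, REPO_ROOT, the placeholder key and the exact "darcs apply --all --repodir" request shape are assumptions.

```shell
#!/bin/sh
# Forced-command gate for a darcs-only SSH key (added example).
# authorized_keys entry (one line; script path and key are placeholders):
#   command="/usr/local/bin/darcs-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAA...placeholder user@host

REPO_ROOT="${REPO_ROOT:-/srv/darcs}"   # assumed location of the repositories

# validate_request CMD: print the repository path if CMD is an allowed
# "darcs apply" request for a repo under REPO_ROOT, else return 1.
# The request string is only pattern-matched, never eval'd.
validate_request() {
    cmd=$1
    # Assumed request shape: darcs apply --all --repodir <dir>
    case $cmd in
        "darcs apply --all --repodir "*) dir=${cmd#"darcs apply --all --repodir "} ;;
        *) return 1 ;;
    esac
    # Strip one pair of surrounding single quotes, if present.
    case $dir in
        "'"*"'") dir=${dir#"'"}; dir=${dir%"'"} ;;
    esac
    # Conservative character set: no spaces, quotes or shell metacharacters.
    case $dir in
        ""|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    # Reject path traversal and anything outside REPO_ROOT.
    case $dir in
        *..*) return 1 ;;
        "$REPO_ROOT"/?*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if repo=$(validate_request "$SSH_ORIGINAL_COMMAND"); then
        exec darcs apply --all --repodir "$repo"
    fi
    echo "darcs-gate: request refused" >&2
    exit 1
fi
```

A key restricted this way can only push: scp and sftp requests arrive as a different SSH_ORIGINAL_COMMAND and are refused by the gate.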

