[darcs-users] darcs and SSH

zander at kde.org zander at kde.org
Wed Mar 2 08:04:23 UTC 2005

On Tue, Mar 01, 2005 at 11:37:42PM +0000, Jamie Webb wrote:
> On Tue, Mar 01, 2005 at 08:30:46PM +0100, Philipp Kern wrote:
> > Dear list members,
> > 
> > does anyone run darcs together with SSH in a secure way? As darcs uses 
> > scp and sftp to pull and get patches over SSH from a repository I 
> > thought that I could secure it with ``rssh'' which blocks everything 
> > except scp/sftp access. The users' public keys are added to the 
> > authorized_keys of the user account owning the repository. However, on 
> > ``darcs push'' it tries to run ``darcs apply'' on the server, which 
> > fails with this shell replacement.
> > 
> > How could I work around this? My main intention is blocking direct 
> > shell access to the box but allowing any file transfers and the use of 
> > ``darcs''.
> I haven't tried this, but I see no reason why it can't be made to
> work. See the section 'authorized_keys format' in man sshd. Basically,
> you can specify a command against each public key, and allow only that
> command to be executed. I use this for remote backups.
> That works fine if you only have a single darcs repo, but you'll run
> into problems with more because darcs wants to pass the repodir on the
> command line, and sshd doesn't allow that.  The workaround would be to
> write a couple of wrappers in perl or something that pass the repodir
> over stdin before handing over to darcs.

Sounds really interresting; if anyone gets this working please add it to
the wiki or sent it to me so I can do so.

Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20050302/69c2fdfc/attachment.pgp 

More information about the darcs-users mailing list