[darcs-users] darcs and SSH
zander at kde.org
zander at kde.org
Wed Mar 2 08:04:23 UTC 2005
On Tue, Mar 01, 2005 at 11:37:42PM +0000, Jamie Webb wrote:
> On Tue, Mar 01, 2005 at 08:30:46PM +0100, Philipp Kern wrote:
> > Dear list members,
> >
> > does anyone run darcs together with SSH in a secure way? As darcs uses
> > scp and sftp to pull and get patches over SSH from a repository I
> > thought that I could secure it with ``rssh'' which blocks everything
> > except scp/sftp access. The users' public keys are added to the
> > authorized_keys of the user account owning the repository. However, on
> > ``darcs push'' it tries to run ``darcs apply'' on the server, which
> > fails with this shell replacement.
> >
> > How could I work around this? My main intention is blocking direct
> > shell access to the box but allowing any file transfers and the use of
> > ``darcs''.
>
> I haven't tried this, but I see no reason why it can't be made to
> work. See the section 'authorized_keys format' in man sshd. Basically,
> you can specify a command against each public key, and allow only that
> command to be executed. I use this for remote backups.
>
> That works fine if you only have a single darcs repo, but you'll run
> into problems with more because darcs wants to pass the repodir on the
> command line, and sshd doesn't allow that. The workaround would be to
> write a couple of wrappers in perl or something that pass the repodir
> over stdin before handing over to darcs.
Sounds really interresting; if anyone gets this working please add it to
the wiki or sent it to me so I can do so.
Cheers!
--
Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20050302/69c2fdfc/attachment.pgp
More information about the darcs-users
mailing list