[lug] CVS access only
Scott A. Herod
herod at interact-tv.com
Thu Mar 15 14:45:23 MST 2001
Can I ask a question about this?
I think I've done what you suggested. To make sure I understand what
this is doing;
The "command" option forces that command to be run when a connection
from the machine with the given key occurs. The /etc/YOU_CANT_LOGIN
script is still necessary to keep them from changing their local
version of the key. ( I guess I'll have to have them send me the
contents of their public identity file so I can append those. )
Finally, below you have "/usr/local/bin/cvs server". That's all that's
necessary?
Thanks again for your help,
Scott
Tom Tromey wrote:
>
> >>>>> "Scott" == Scott A Herod <herod at interact-tv.com> writes:
>
> Scott> I'm trying to set up a CVS site that is accessible through
> Scott> ssh to some specific networked users but I don't won't them to
> Scott> have login access. Is there a standard way to do that?
>
> Yes, there is. We do this on sources.redhat.com.
>
> First disable all the login services except sshd.
>
> Then in the user's .ssh/authorized_keys, instead of just the key, put
> this:
>
> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/local/bin/cvs server" ... rest of key here ...
>
> Read the sshd man page (I imagine) for more info on how this works.
>
> Tom
More information about the LUG
mailing list