[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: need to force username of cvs 'action' when using shared SSHaccount
From: |
Tim Grotenhuis |
Subject: |
Re: need to force username of cvs 'action' when using shared SSHaccount |
Date: |
Tue, 4 May 2004 15:46:50 -0400 |
SSH is:
a. secure through encryption ( cleartexting across the net with pserver is
inviting disaster)
b. through the SSH command="" you can limit users to one command based on
the key they are authenticating with.
tg
----- Original Message -----
From: "Greg A. Woods" <address@hidden>
To: "CVS-II Discussion Mailing List" <address@hidden>
Sent: Tuesday, May 04, 2004 3:10 PM
Subject: Fw: need to force username of cvs 'action' when using shared
SSHaccount
> [ someone wrote: ]
> > Subject: Fw: need to force username of cvs 'action' when using shared
SSH account
> >
> > I just can't imagine that this hasn't been required before: a single
shell
> > account with a used id of, for example, 'cvsuser' requiring SSH,
instead of
> > pserver, authentication and access for developers. The nature of CVS,
that
> > of tracking diffs and who did what when, seems to be compromised in this
> > situation. Thats all.
>
> I just cannot possibly ever even conceive of anyone using a "shared SSH
> account".
>
> The very concept is entirely antithetical to the goals of SSH and
> computing security in general.
>
> You may as well just use pserver in the clear and be very explicit and
> forthright about your total lack of security.
>
> [[ And yes, I do intend that comment to be very sarcastic. ]]
>
> --
> Greg A. Woods
>
> +1 416 218-0098 VE3TCP RoboHack
<address@hidden>
> Planix, Inc. <address@hidden> Secrets of the Weird
<address@hidden>
>
>
> _______________________________________________
> Info-cvs mailing list
> address@hidden
> http://mail.gnu.org/mailman/listinfo/info-cvs
>
>
>
Re: Fw: need to force username of cvs 'action' when using shared SSH, Larry Jones, 2004/05/04
Fw: need to force username of cvs 'action' when using shared SSH account, Keith Refson, 2004/05/05