[Savannah-cvs] [789] partially update info on SSH access scripts
From: ineiev
Subject: [Savannah-cvs] [789] partially update info on SSH access scripts
Date: Thu, 30 May 2024 03:49:19 -0400 (EDT)
Revision: 789
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=789
Author: ineiev
Date: 2024-05-30 03:49:18 -0400 (Thu, 30 May 2024)
Log Message:
-----------
partially update info on SSH access scripts
Modified Paths:
--------------
trunk/sviki/Git.mdwn
trunk/sviki/SavaneReleases.mdwn
trunk/sviki/SavaneSetup.mdwn
trunk/sviki/SavannahHosts.mdwn
trunk/sviki/ShellAccess.mdwn
trunk/sviki/SshAccess.mdwn
trunk/sviki/UserAuthentication.mdwn
Modified: trunk/sviki/Git.mdwn
===================================================================
--- trunk/sviki/Git.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/Git.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -4,7 +4,9 @@
-------------
Repositories are in `/srv/git/group_name.git` for now.
-git+ssh is supported in Savane's `sv_membersh` (delegates to git-shell).
+git+ssh is supported in Savane's `sv_membersh` (delegates to git-shell),
+however, as of 2024-04, a customized setup is used that doesn't involve
+`sv_membersh`.
The git:// lightweight protocol is also available.
Creating an additional repository
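Review bot: The added lines say "a customized setup is used that doesn't involve `sv_membersh`" without naming that setup or pointing to the page that documents it, so a reader of Git.mdwn cannot tell what now handles git+ssh access control. The first clause also still reads as a present-tense statement that git+ssh goes through `sv_membersh`; consider two sentences, one for what Savane supports and one for what Savannah runs as of 2024-04, with a link to the description of the current setup.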
Modified: trunk/sviki/SavaneReleases.mdwn
===================================================================
--- trunk/sviki/SavaneReleases.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/SavaneReleases.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -36,7 +36,7 @@
at our Cgit instance (the "Corresponding source code" link at the bottom
of the page). Keeping the frontend branch at the specific commit makes sure
that it is accessible and git gc doesn't remove it.
-- The sv_membersh script for SSH access, namely, VCS servers and the download
+- The sv_membersh script for SSH access, as of 2024-04 used at the download
server. The source code of Savane is provided from the same machine through
RSYNC, which is one of the protocols offered for downloading the hosted data.
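Review bot: The rewritten list item, "as of 2024-04 used at the download server", drops the VCS servers from the description without saying what they use instead, and the phrase reads awkwardly in the middle of the sentence. Consider "used, as of 2024-04, only on the download server" and, since this list is about components whose source must stay reachable, a short pointer to where the access script for the VCS servers is published.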
Modified: trunk/sviki/SavaneSetup.mdwn
===================================================================
--- trunk/sviki/SavaneSetup.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/SavaneSetup.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -58,7 +58,10 @@
The offer from sv_membersh suggests an rsync option that omits the '.git'
directory, so --enable-changelog is used as a way to list the changes made
-in original software.
+in original software. (As of 2024-04, sv_membersh isn't used on vcs
+machines, but that doesn't invalidate the Savane setup above
+and the possibility to get the corresponding source code of the running
+instance.)
### download
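Review bot: The added parenthetical asserts that the source of the running instance can still be obtained on vcs machines, but the preceding sentences describe the offer as coming from sv_membersh, which the same parenthetical says is no longer used there. State how the offer reaches users on vcs machines now, or say explicitly that the rsync offer described above applies to the download server only.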
Modified: trunk/sviki/SavannahHosts.mdwn
===================================================================
--- trunk/sviki/SavannahHosts.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/SavannahHosts.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -851,8 +851,8 @@
MaxAuthTries 3
Prevent ssh from passing through LANG and LC_* so as to avoid
-ungenerated locales on the local server from being seen by the perl
-script sv_membersh script used for access control.
+ungenerated locales on the local server from being seen by the
+script used for access control.
File /etc/ssh/sshd_config
#AcceptEnv LANG LC_*
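Review bot: After this change the paragraph refers only to "the script used for access control", so the reason for commenting out `AcceptEnv LANG LC_*` is tied to a script the reader can no longer identify. Name the script used on this host, or state the rationale independently of the implementation (client-supplied locale variables are not accepted), so the sshd_config setting stays justified if the script changes again.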
@@ -1250,7 +1250,7 @@
Prevent ssh from passing through LANG and LC_* so as to avoid
ungenerated locales on the local server from being seen by the perl
-script sv_membersh script used for access control.
+script sv_membersh used for access control.
File /etc/ssh/sshd_config
#AcceptEnv LANG LC_*
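Review bot: This hunk fixes the duplicated word but keeps "the perl script sv_membersh", while the hunk at line 851 of the same file removes the name from an otherwise identical paragraph. If the difference is intentional because this section describes a host where sv_membersh is still in use, say so in the text; the visible lines give no indication of which host each section covers.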
Modified: trunk/sviki/ShellAccess.mdwn
===================================================================
--- trunk/sviki/ShellAccess.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/ShellAccess.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -8,7 +8,7 @@
run to do, e.g., vc operations. (Validation is done against databases
on internal0.)
-Savane distributes `sv_membersh`, a simple Perl script, that loads
+Savane distributes `sv_membersh`, a simple Perl script that loads
another Perl script in /etc for configuration. Using a Perl script as a
login shell may yield some efficiency concerns. However, this is what we
currently do on Savannah; efficiency here has not been a problem.
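Review bot: Only the comma is changed here, but the unchanged closing sentence, "this is what we currently do on Savannah", now contradicts the other files in this revision, which state that sv_membersh is not used on the VCS machines as of 2024-04. Qualify that sentence (for example, limit it to the download server) in the same commit so ShellAccess.mdwn does not keep describing the old arrangement.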
Modified: trunk/sviki/SshAccess.mdwn
===================================================================
--- trunk/sviki/SshAccess.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/SshAccess.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -86,33 +86,43 @@
Third: you can test whether the problem is with your ssh setup or
something on Savannah by running:
- ssh yourlogin@cvs.savannah.gnu.org
+ ssh yourlogin@download.savannah.gnu.org
If you get the following message:
- sv_membersh is part of Savane.
+ Last login: Thu May 30 03:38:15 2024 from [...]
+ AGPL notice: sv_membersh is part of Savane.
In order to download the corresponding source code of Savane, run
-
- rsync -avz --cvs-exclude
yourlogin@cvs.savannah.nongnu.org:/opt/src/savane .
-
+
+ rsync [...]
+
You tried to execute:
Sorry, you are not allowed to execute that command.
-
+
Configuration file:
-
+
/opt/savane/etc/savane/membersh-conf.pl
-
+
Available commands:
-
- cvs: %^cvs server$%
- rsync: %^rsync --server --sender %
-
- Connection to cvs.savannah.gnu.org closed.
+ rm: %^rm ([[:alnum:]_/.-]+)%
+ rmdir: %^rmdir ([[:alnum:]_/.-]+)%
+ rsync: [...]
+ scp: %^scp( -[dprv])* (-t|-f) (-- )?([[:alnum:]_/.-]+)$%
+
+ Connection to download.savannah.gnu.org closed.
+
+On VCS machines, the message you get is,
+
+ Hello yourlogin! You've successfully authenticated, but interactive
+ shell access is not allowed.
+
+ Connection to git.savannah.gnu.org closed.
+
Then things are working okay for you. That illustrates that the login
was successful and the access security on the server prevented the action.
(Note that sv_membersh will offer the source code of Savane every time
-you invoke SSH unless you disable that offer in your Savannah account
+you invoke it unless you disable that offer in your Savannah account
configuration, the 'Quiet SSH member shell' checkbox.)
If you fail an ssh login too many times in a short period of time then
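Review bot: The new "On VCS machines, the message you get is," block is inserted between "If you get the following message:" and "Then things are working okay for you", so the conditional sentence is now split by a second example, and no test command is shown for the VCS case even though its output ends with git.savannah.gnu.org. Put both command and output pairs before the "Then things are working" sentence, each introduced by its own command line. The sample output also includes a session-specific "Last login: Thu May 30 03:38:15 2024 from [...]" line that readers will not see verbatim; replace the timestamp with a placeholder or drop the line. Several removed and added pairs in this hunk differ only in whitespace on otherwise blank lines, which adds noise to the diff.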
Modified: trunk/sviki/UserAuthentication.mdwn
===================================================================
--- trunk/sviki/UserAuthentication.mdwn 2024-05-13 13:14:13 UTC (rev 788)
+++ trunk/sviki/UserAuthentication.mdwn 2024-05-30 07:49:18 UTC (rev 789)
@@ -49,7 +49,7 @@
In Savannah systems, there is a Unix user for *each* Savannah
registered account:
- vcs0:~# getent passwd agn
+ download0:~# getent passwd agn
agn:x:131035:1003:Assaf Gordon:/srv:/usr/local/bin/sv_membersh
and a unix group for *each* Savannah registered group:
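Review bot: The prompt is changed from vcs0 to download0 while the `getent passwd` output line is left untouched, and the surrounding sentence still speaks of "Savannah systems" in general. Since other files in this revision say sv_membersh is no longer used on the VCS machines, note here that the login shell field shown is what the download server reports and that it differs on VCS hosts, and confirm the output was re-captured on download0 rather than carried over.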