Re: CVS over ssh question

From:
Date: 09/05/02


Date: Thu, 5 Sep 2002 16:22:26 +0000 (UTC)

On Wed, 04 Sep 2002 17:12:28 -0000,
    Tom Maddox <tmaddox@grace.speakeasy.net> wrote:
> Hi, all,
>
> Sorry for the cross-post, but I've got an obscure question, and I'm not sure
> what the best forum for it is.
>
> Here's the scenario:
> The company I'm at wants a remote group of developers to be able to access
> our CVS repository securely over an encrypted connection, to which end I've
> set up ssh tunneling. I've got that working fine, but another requirement
> has been put on me, namely that the remote developers not be allowed shell
> access to the CVS machine, and I can't figure out a good way to accomplish
> that while still allowing CVS access over ssh.
>
> I've tried using /bin/false as a shell as well as a simple text file
> containing an error message, but both cause ssh to return an error code and
> drop the connection. Basically, it seems like I need a shell that will do
> nothing while a user is connected. Anyone have a suggestion?
>
You could set up a vpn connection using pppd via ssh - set their shell to
/usr/sbin/pppd

You either need to use sudo or mess with groups and modes on pppd
chgrp vpn /usr/sbin/pppd
chmod 4750 /usr/sbin/pppd

etc.

Regards,

Tim.

-- 
God said, "div D = rho, div B = 0, curl E = - @B/@t, curl H = J + @D/@t," 
and there was light.

http://tjw.hn.org/ http://www.locofungus.btinternet.co.uk/