Re: Restricitng SSH for CVS user

From: Denice DEATRICH (deatrich_at_lthipc5)
Date: 07/29/03 

Date: 29 Jul 2003 18:38:01 +0200

Kyler Laird <Kyler@news.Lairds.org> writes:

>deatrich@lthipc5 (Denice DEATRICH) writes:

>>>Who owns ~/.ssh/authorized_keys(2)?

>>You have options -- for example, root.

>Perhaps you'd like to tell us which servers you've verified as allowing this.

If I understand what you are asking: I've done this on RH 8 or 9.

A minimal home dir for the account would look like this, supposing
an account named testcvs (similar to a testing account I did last year).
Of course, the id_dsa* files don't need to be there; I just kept
them around for testing.

# ls -laR
.:
total 12
dr-x------ 3 testcvs 30001 4096 Jul 22 2002 .
drwxr-xr-x 4 root root 4096 Oct 20 2002 ..
dr-x------ 2 testcvs 30001 4096 Jul 22 2002 .ssh

./.ssh:
total 20
dr-x------ 2 testcvs 30001 4096 Jul 22 2002 .
dr-x------ 3 testcvs 30001 4096 Jul 22 2002 ..
-r--r----- 1 root 30001 711 Jul 22 2002 authorized_keys2
-r-------- 1 testcvs 30001 668 Jul 22 2002 id_dsa
-r--r--r-- 1 testcvs 30001 599 Jul 22 2002 id_dsa.pub

I just reran a test from a distant, older linux client, and the only thing I
needed to do for the above set up besides setting my CVS envir. variables
was to force ssh2 in the config file on my distant account. So in the remote
client I have (supposing that my server was named toto.somewhere.net):

$ cat ~/.ssh/config
#
Host toto.somewhere.net
        Protocol 2

 cheers,
  denice 

--
denice.deatrich @ epfl.ch, DSC / LTHC-LTHI, E.P.F.L.   PH: +41 (21) 693 76 67
<*> This moment's fortune cookie:
Can anyone remember when the times were not hard, and money not scarce?

Relevant Pages

  • Re: SOS! IIS Stopped working completely!
    ... aspnet_wp.exe will run with the account in. ... If "Impersonate=false" in the config file: ... application event log. ... For more information about security descriptor definition language ...
    (microsoft.public.dotnet.framework.aspnet)
  • Web Serivce and Required Privilege
    ... service to run on a production web server, i.e. Visual Studio not installed. ... The account in the config file is a member of administrators. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Read Only Access to ALL Shares On a Network
    ... Even just an account, dom adm or not, that has ... > the domain Administrator password in a config file is ludacris. ... > a way to access all files without tweeking the ACLs on all shares? ...
    (microsoft.public.security)
  • RE: Problem with IIS 5.0 App Protection Low (IIS 6.0 Local System diff
    ... We seems to have solved our problem by using the ASP config file settings. ... You are advised to run the ASP.NET application worker process ... privileges than the default System account. ...
    (microsoft.public.inetserver.iis.security)
  • Re: sysmouse+wheelmouse+X
    ... OP here, using a different account. ... joy. ... I also tried with "auto" and "Auto", ... The base config file is what the XF86Config comand ...
    (comp.unix.bsd.freebsd.misc)