Re: CVS without a shell

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 03/26/04

• Next message: Darren Tucker: "Re: Error: "Cannot initialize SFTP protocol. Is the host running a SFTP server?""
• Previous message: Darren Tucker: "Re: SSH and login without password (not passwordless login)"
• In reply to: Cole Tuininga: "CVS without a shell"
• Next in thread: Pierre Asselin: "Re: CVS without a shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 26 Mar 2004 01:14:14 +0000 (UTC)

In article <pan.2004.03.25.21.07.12.679038@tuininga.org>,
Cole Tuininga <cole@tuininga.org> wrote:
>Hi all, I have a question about cvs with ssh that I was hoping y'all might
>be able to help me with. Essentially, I've got a box that I want to give
>my developers secure cvs access (via ssh). However, I don't want them to
>have a shell account.
>
>With the shell set to /bin/false, they can't cvs in. Any ideas? Thanks
>in advance...

You'll need to set up a restricted shell. Many sshd's check that the
user's shell is valid (ie listed in /etc/shells) and use that shell to
execute the specified command. (OpenSSH's sshd certainly does).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

• Next message: Darren Tucker: "Re: Error: "Cannot initialize SFTP protocol. Is the host running a SFTP server?""
• Previous message: Darren Tucker: "Re: SSH and login without password (not passwordless login)"
• In reply to: Cole Tuininga: "CVS without a shell"
• Next in thread: Pierre Asselin: "Re: CVS without a shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: CVS over ssh question ... Tom Maddox wrote: ... > has been put on me, namely that the remote developers not be allowed shell ... > access to the CVS machine, and I can't figure out a good way to accomplish ... > that while still allowing CVS access over ssh. ... (comp.os.linux.security) CVS over ssh question ... our CVS repository securely over an encrypted connection, ... that while still allowing CVS access over ssh. ... I've tried using /bin/false as a shell as well as a simple text file ... (comp.os.linux.security) Re: CVS over ssh question ... > our CVS repository securely over an encrypted connection, ... > has been put on me, namely that the remote developers not be allowed shell ... > that while still allowing CVS access over ssh. ... (comp.os.linux.security) Re: CVS over ssh question ... > access our CVS repository securely over an encrypted connection, ... > which end I've set up ssh tunneling. ... > developers not be allowed shell access to the CVS machine, ... (comp.os.linux.security) Re: Allow SFTP sessions and refuse interactive SSH access for some users. ... >> users when they use SSH interactive mode (i.e. allowing only SFTP ... and the shell is used to exec sftp-server. ... Good judgement comes with experience. ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint