Re: ssh based access?

On Mon, Apr 15, 2002 at 06:47:42PM -0400, Perry E. Metzger wrote:
>...
> Not at all. Among other things, ssh handles authentication with public
> keys very nicely. Doing that with SSL requires certificates and CAs --
> ssh does not. People have ssh infrastructures in place and are not
> necessarily happy about being asked to change everything around. There
> are also firewall issues.

I could also maintain that using certs would *simplify* things. No more need
for system accounts or authorized_keys(2) or setting up CVS_RSH variables or
any of that.

Six of one, half-dozen of another...

Yes, people have SSH infrastructures set up. And obviating those will
definitely play a part in using SVN. I would hope that most people will
establish a private CA for their server and then issue certs for their
users. The server can then say "only allow people with certs issued by me"
rather than needing to track every single user and set of keys.

If people don't want to switch, then they certainly have that choice. At
some point, somebody will get peeved enough with the status quo and will
develop the ra_pipe thingy and people could start tunneling via ssh. But I
will continue to regard that as subpar relative to direct SSL usage via the
HTTP connection.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org