Re: Alternatives for remote access?

From: Stephen C. Tweedie <sct_at_redhat.com>
Date: 2002-08-30 10:09:14 CEST

Hi,

On Fri, Aug 30, 2002 at 01:03:00AM -0700, Justin Erenkrantz wrote:

> And, I don't buy that ra_dav + mod_ssl is going to be inherently
> less secure than ra_pipe + SSH. Actually, since SSH access would
> require a local account, I'd posit that ra_pipe + SSH is *less*
> secure than ra_dav + mod_ssl. -- justin

No --- it requires a local account, but doesn't require ssh access to
that account.

ssh is pretty powerful in the way it allows you to restrict things.
You can prevent shell access via ssh connections if you want to, or
you can restrict the shell access to just a specific command (and you
can configure that on a per-key basis, so that certain remote users
can only do certain things over ssh, but others have full shell
access.)

Restricting the remote users to only be able to run the "cat" command
would be sufficient in this case: they would get nothing more than an
echo service, but they'd be able to do a ^D to shut down the
connection once they are finished with the port forwarding.

Cheers,
Stephen

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 10:10:41 2002

This message: [ Message body ]
Next message: Justin Erenkrantz: "Re: Alternatives for remote access?"
Previous message: Stephen C. Tweedie: "Re: Alternatives for remote access?"
In reply to: Justin Erenkrantz: "Re: Alternatives for remote access?"
Next in thread: brane_at_xbc.nu: "Re: Alternatives for remote access?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]