[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Alternatives for remote access?

From: Stephen C. Tweedie <sct_at_redhat.com>
Date: 2002-08-30 10:09:14 CEST


On Fri, Aug 30, 2002 at 01:03:00AM -0700, Justin Erenkrantz wrote:

> And, I don't buy that ra_dav + mod_ssl is going to be inherently
> less secure than ra_pipe + SSH. Actually, since SSH access would
> require a local account, I'd posit that ra_pipe + SSH is *less*
> secure than ra_dav + mod_ssl. -- justin

No --- it requires a local account, but doesn't require ssh access to
that account.

ssh is pretty powerful in the way it allows you to restrict things.
You can prevent shell access via ssh connections if you want to, or
you can restrict the shell access to just a specific command (and you
can configure that on a per-key basis, so that certain remote users
can only do certain things over ssh, but others have full shell

Restricting the remote users to only be able to run the "cat" command
would be sufficient in this case: they would get nothing more than an
echo service, but they'd be able to do a ^D to shut down the
connection once they are finished with the port forwarding.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 10:10:41 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.