Re: Security features, path based authorization in subversion

On 2008-08-26 09:37:08 -0400, John Peacock wrote:
> I use it all the time and it works fine. What the ssh-tricks file
> doesn't make obvious is that you have to use *both* a dedicated key[1]
> *and* specify the username for the svnserve user that isn't the same as
> your own account name on that box.

Ah, OK. Fortunately the repository is on my own machine. But it would
be annoying if I needed to install the repository on an account where
I don't have root access.

I also see that this also prevents the user from writing directly to
the repository (e.g. by mistake), which is fine here.

> 1) Actually, the 'ssh-tricks' file is incorrect in that you don't have
> to have a dedicated ssh key for svnserve purposes (though that is
> strongly recommended).

Why would that be recommended? Note that I already have a dedicated
SSH key for each of my accounts, but I don't see any need to have
separate keys for shell access and svn access (except if I want
different ssh-agent policies).

> As long as you specify the username to log in as (either as part of
> the URL or with the '-l' ssh option), you can use the same identity
> file for both purposes.

I never specify the username on the command line, but do it by defining
an account in my .ssh/config file (the account name being given in the
Host declaration, the real hostname in Hostname, and so on).

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org