On Tue, Jul 19, 2011 at 10:30 PM, Andy Canfield
<andy.canfield_at_pimco.mobi> wrote:
> For example, I am on a Linux box named Lenny, logged in as 'andy'. I can ssh
> to hk.pimco.mobi as user 'andy', password 'psuedo'. But I don't want to.
> Instead, I would like to run the command:
> svn ... http://hk.pimco.mobi/svn/RepoName --username=andy
> --password=psuedo
Whoa there nelly. You're mixing apples and oranges and kumquats. Go
right over to the Red Book, and read the descriptions of *each* of
HTTP, svnservee, and svn+ssh. Keep them distinct.
> But this does not match what you are telling me. Apparently my brain is
> pointed 89 degrees off from the direction your brain is pointed. Please
> point me in the right direction.
See the explanations at http://svnbook.red-bean.com/. They go into
much more depth than we can here.
> Thank you.
>
>> The only well supported solution to this, so far, is to use SSH keys
>> for a shared account, and to use those keys to use a forced "command"
>> for that shared account, a "command" that enforces the user's name for
>> that particular svnserve instance.
>>
>> I've previously tried, myself, to help set up a restricted shell for
>> just such access, starting with the "rssh" tool, but didn't get very
>> far. That would be a significant security improvement, and help
>> protect the rest of the OS from unauthorized access with valid
>> Subversion logins with Kerberized or other account access, rather than
>> SSH keys.
>>
>
Received on 2011-07-20 07:17:00 CEST