[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion: existing users

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Wed, 20 Jul 2011 01:14:04 -0400

On Tue, Jul 19, 2011 at 10:30 PM, Andy Canfield
<andy.canfield_at_pimco.mobi> wrote:

> For example, I am on a Linux box named Lenny, logged in as 'andy'. I can ssh
> to hk.pimco.mobi as user 'andy', password 'psuedo'. But I don't want to.
> Instead, I would like to run the command:
>    svn ... http://hk.pimco.mobi/svn/RepoName --username=andy
> --password=psuedo

Whoa there nelly. You're mixing apples and oranges and kumquats. Go
right over to the Red Book, and read the descriptions of *each* of
HTTP, svnservee, and svn+ssh. Keep them distinct.

> But this does not match what you are telling me. Apparently my brain is
> pointed 89 degrees off from the direction your brain is pointed. Please
> point me in the right direction.

See the explanations at http://svnbook.red-bean.com/. They go into
much more depth than we can here.

> Thank you.
>> The only well supported solution to this, so far, is to use SSH keys
>> for a shared account, and to use those keys to use a forced "command"
>> for that shared account, a "command" that enforces the user's name for
>> that particular svnserve instance.
>> I've previously tried, myself, to help set up a restricted shell for
>> just such access, starting with the "rssh" tool, but didn't get very
>> far. That would be a significant security improvement, and help
>> protect the rest of the OS from unauthorized access with valid
>> Subversion logins with Kerberized or other account access, rather than
>> SSH keys.
Received on 2011-07-20 07:17:00 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.