Re: disable security hole in svn+ssh?

From: Matthew Beals <mjbeals_at_mtu.edu>
Date: Thu, 28 Jul 2011 10:44:47 -0400 (EDT)

> That "svn" user can be set to have no valid shell, with its shell set
> to something like "/sbin/nologin". This is actually quite common for
> system services to have no valid shell. This is how the "apache" or
> "www-data" user is usually set up.
But that would prevent login using ssh, which I don't want. I can tell
the sysadmin "we need an SSH login for Charlie so he can use
Subversion", but I cannot say "You have to cut the SSH login for Marilyn
so she can't use Subversion".

*Truncated for clarity*
One option would be to generate a different (password enabled... of course) key for each unique user (all logging in with the same SVN user name). Then revoking SVN access is as simple as removing that user's key from the authorized_keys list.

----------------------------------------
Matthew Beals
Michigan Technological University
Department of Atmospheric Sciences
1400 Townsend Drive
B019a Fisher Hall
Houghton, MI 49931
mjbeals_at_mtu.edu
Received on 2011-07-28 16:45:20 CEST

This message: [ Message body ]
Next message: Geoff Hoffman: "Re: disable security hole in svn+ssh?"
Previous message: Andy Canfield: "Re: disable security hole in svn+ssh?"
In reply to: Andy Canfield: "Re: disable security hole in svn+ssh?"
Next in thread: Nico Kadel-Garcia: "Re: disable security hole in svn+ssh?"
Reply: Nico Kadel-Garcia: "Re: disable security hole in svn+ssh?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]