[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Mon, 25 Nov 2013 05:56:14 -0500

If you go to alternative SSH port, which is not that unusualy, write
and show them the restricted sshd_config to restrict access to only
that specified service for only that specified user. No password
logins, no normal shells, use the authorized_keys ForceCommand access
only for that alternative service.

On Mon, Nov 25, 2013 at 5:43 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> sbremal_at_hotmail.com wrote on Mon, Nov 25, 2013 at 10:24:16 +0000:
>> Correct, default SSH port is not open on the corporate firewall. I am
>> sure there are workarounds, however having contractual obligations not
>> sure I should try hard to be unorthodox.
>
> I still suggest that you try to run sshd. If you can't convince them to
> open port 22, try to convince them to run sshd on port 1022. That's not
> unorthodox, it's common practice for evading vulnerability scanners and
> root-login-attemptors.
>
> Daniel
>
>> SSH + SVN is my favourite and will stay with it as the primary access method. If I could top it with HTTP access using the existing Unix authentication and authorization framework, I would be more than happy. After all Unix works for tens of years, why to change it???
>>
>> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as the authenticated user, wonder if it is possible, or has any inadvertent complications.
>>
>>
>> B.
>>
>> ----------------------------------------
>> > Date: Sat, 23 Nov 2013 01:07:16 +0200
>> > From: d.s_at_daniel.shahaf.name
>> > To: sbremal_at_hotmail.com
>> > CC: users_at_subversion.apache.org
>> > Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
>> >
>> > sbremal_at_hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
>> >> I am very happy with the SSH + 'svnserve' access to my repositories,
>> >> however due to firewall issues I need access through HTTP as well.
>> >> What I do not want is to set up a 2nd authentication / authorization
>> >> database.
>> >
>> > What are the "firewall issues", exactly? Why can't you use svn+ssh?
>> > Can you run sshd on port 80 (which would allow you to use svn+ssh
>> > without httpd at all)?
>> >
>> > Daniel
Received on 2013-11-25 12:03:38 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.