Thus said Rene on Sun, 21 Jul 2013 00:00:01 +0200:

> A forced command is in place and it can only be fossil http. This will
> check if it is started via ssh and then look in the environment to see
> if the request was fossil gate myotherdb.
>
> What are you trying to achieve?

I'm trying to accomplish what I believe Matt Welland was suggesting it
do, which I did like. Basically, if I have an SSH account named
``fossil'' on my server, I can use it to serve out as many fossils as I
like to any given SSH key connecting to the ``fossil'' account.

The forced command on the server will be:

command="/usr/bin/fossil gate /tmp/allowed-fossils" ssh-rsa ...

fossil gate will then inspect SSH_ORIGINAL_COMMAND and extract the
requested fossil repo. If the FILENAME contains the requested repo (and
perhaps if it is executable and returns successfully), fossil gate will
then exec ``fossil http /path/to/repo''; otherwise it will exit with an
error.

This allows you to use the same client SSH key to access multiple remote
fossil accounts using  the same remote SSH account. This  allows for a 1
to many as opposed to 1 to 1 relationship.

It will still be possible for a forced command to be:

command="/usr/bin/fossil http /tmp/file.fossil" ssh-rsa ...

However, this  means that you  can only  ever access that  single fossil
file using that SSH key and SSH account combination.

Thoughts?

Andy
-- 
TAI64 timestamp: 4000000051eb0e0f
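
The gate check described in the message above, sketched as a POSIX shell wrapper. This is an added example, not code from the post or from Fossil: the function names gate_resolve and gate_main, the request form "fossil http <absolute-path>", and the one-path-per-line allow-list format are all assumptions.

```shell
#!/bin/sh
# Added illustration of the proposed "fossil gate" check; not Fossil's code.
# Assumed request form in SSH_ORIGINAL_COMMAND: fossil http <absolute-repo-path>
# Assumed allow-list format: one absolute repository path per line.

# gate_resolve ALLOWLIST REQUEST
# Prints the repository path and returns 0 only when REQUEST is well formed
# and the path appears as a whole line in ALLOWLIST.
gate_resolve() {
    allowlist=$1
    request=$2
    # Split on whitespace with globbing off and without eval, so shell
    # metacharacters in the request are never interpreted.
    set -f
    set -- $request
    set +f

    # Exactly three words; anything more is an attempt to add arguments.
    [ $# -eq 3 ] || return 1
    if [ "$1" != fossil ] || [ "$2" != http ]; then return 1; fi
    repo=$3

    case $repo in
        /*) ;;                                  # absolute paths only
        *)  return 1 ;;
    esac
    case $repo in
        *..*|*[!A-Za-z0-9._/-]*) return 1 ;;    # no traversal, no odd bytes
    esac

    # -F fixed string, -x whole line: a listed "/srv/a.fossil" must not
    # admit "/srv/a" and must not be read as a regular expression.
    grep -Fxq -- "$repo" "$allowlist" || return 1
    printf '%s\n' "$repo"
}

# Entry point for the forced command: gate_main ALLOWLIST
gate_main() {
    repo=$(gate_resolve "$1" "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "gate: request denied" >&2
        exit 1
    }
    exec fossil http "$repo"
}

# Run the gate only when the script is given an allow-list argument.
[ $# -eq 0 ] || gate_main "$1"
```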

