Hello,

Next hurdle.  SSL or SSH on Windows.

I just  discovered that fossil.exe  does not  have SSL support,  so that
kind of presents a hurdle. By the  way, it works nicely in a chroot with
stunnel and SSL client certificates on an OpenBSD server.

So, now on to SSH...

I'm trying to set up a force command with ssh keys that restricts access
with that key to simply ``fossil http REPOSITORY''.

Is there  some trick I need  to tell the  client that it already  has an
open fossil http  server waiting to be used on  stdin/stdout and to just
start talking  HTTP? SSH will have  already taken care of  wiring up the
stdin/stdout  on the  server side,  so this  really just  seems to  be a
client side problem.

I set up a ForceCommand SSH key but the client doesn't seem to know what
to do with it and crashes:

$ fossil ver
This is fossil version 1.26 [c9cb6e7293] 2013-06-18 21:09:23 UTC
$ fossil clone ssh://amb@localhost//tmp/test.fossil test.fossil
ssh -e none -T amb@localhost
...
debug1: Offering RSA public key: /home/amb/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
...
debug1: channel 1: new [client-session]
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Forced command.
...
debug1: Exit status 0
$ echo $?
141

As can be seen,  when my SSH key is used, it will  be forced into fossil
http  mode,  but  the  client  crashes.  Here  is  what  I  have  in  my
authorized_keys:

$ grep fossil /home/amb/.ssh/authorized_keys 
command="/home/amb/bin/fossil http /tmp/test.fossil" ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDqKI393xubO69Rs+Y6fbnxDpAgX5kTe31qWepFyfu08wxNj5iX57vNIYFIcC7bwKW4EHMakuEIYr2eDzXl3e1pXLzteFESISaZkXrmspNIMRh4oW/3LqV+pGXfimA//YlmbJOMzEHerSCTi+QG0O6LNyvjlZgJmP8dJgc0ktzw6nAVcpdFxwoNa+tQJb+g7wLHGRCsl9uvf6rfdzXVUm/tAtD/TyPITU7Ni2q7aTm/m8YKsXDUif91UP9XUH8phwwEucQa3MagtIcmUKJzrkuwHT+rr2K/0W8vpjO3iq3g7ejONqaTfqEW2Rc5uydYsc1B5IjsmPm0bVkbB3B6ZBxF
 amb

Is there any  way to tell the  local fossil client command  that it just
needs to start talking HTTP to  whatever file descriptor it has open for
SSH? Or,  is there  another mode that  fossil has that  will do  this? I
couldn't find it in the documentation.

By the way, SSH keys, and  just SSH with password authentication do work
for cloning, but I want to restrict the access that users make to simply
the fossil  command (no  shell access), but  if I just  use the  SSH key
without restricting the command, they gain full shell access.

Thanks,

Andy
-- 
TAI64 timestamp: 4000000051cf79c7
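
A forced command fixes what the key runs, but OpenSSH still permits port, agent and X11 forwarding and PTY allocation for that key unless the authorized_keys entry turns them off. The check below is an added example, not part of the original message or of Fossil; the function name `audit` and the sample entries (placeholder key blobs) are constructed.

```python
import re

# authorized_keys options that turn off features a forced command leaves on
HARDENING = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")   # entry that has no options field
OPT = r'[A-Za-z0-9-]+(?:="(?:\\"|[^"])*")?'    # name, or name="quoted value"
OPTS_RE = re.compile(rf"^({OPT}(?:,{OPT})*)\s+\S")
NAME_RE = re.compile(r'([A-Za-z0-9-]+)(?:="(?:\\"|[^"])*")?')

def audit(text):
    """Return (line number, problem) pairs for entries that are not locked down."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = set()
        if not KEY_TYPE.match(line):
            m = OPTS_RE.match(line)
            if not m:
                findings.append((lineno, "unparseable entry"))
                continue
            # sshd treats option keywords case-insensitively
            opts = {o.group(1).lower() for o in NAME_RE.finditer(m.group(1))}
        if "command" not in opts:
            findings.append((lineno, "no forced command: key gets a full shell"))
        elif "restrict" in opts:
            # restrict disables everything; report features switched back on
            back_on = sorted(h[3:] for h in HARDENING if h[3:] in opts)
            if back_on:
                findings.append((lineno, "restrict re-enabled: " + ", ".join(back_on)))
        else:
            missing = sorted(HARDENING - opts)
            if missing:
                findings.append((lineno, "forced command without " + ", ".join(missing)))
    return findings

# Constructed sample; key blobs are placeholders, not real keys.
CMD = 'command="/home/amb/bin/fossil http /tmp/test.fossil"'
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    CMD + " ssh-rsa AAAAPLACEHOLDER1 amb",
    CMD + ",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAPLACEHOLDER2 amb",
    "restrict," + CMD + " ssh-rsa AAAAPLACEHOLDER3 amb",
    "ssh-rsa AAAAPLACEHOLDER4 amb",
])

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

The `restrict` option needs OpenSSH 7.2 or later; on older servers list the individual `no-*` options instead.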

