On 27-06-2011 08:33, Benjamin Podszun wrote:
Hi there

On Mon, Jun 27, 2011 at 11:17 AM, Marius Mårnes Mathiesen
<[email protected]>  wrote:
On Sun, Jun 26, 2011 at 10:16 AM, martin<[email protected]>  wrote:
I don't understand why you are concerned about the dedicated git user
account... just lock it down properly. You have exactly the same
situation on every ssh server on the planet.
As I mentioned above, I suspect most users running their own Gitorious
servers have sshd running as the root user, since otherwise they'd need a
separate IP address/port in order to do maintenance on their servers. I
don't think it's reasonable to assume people looking for a way to
collaborate on code have experience in locking down a SSH daemon on their
server.
Since this came up several times now: Can you explain that part? I
wonder if you'd consider my environment at risk...

It is missing a bit of context here...

What Marius is trying to say is that *if you're exposing your Gitorious installation to the web* you *must* make sure you protect it adequately.

Most Gitorious installations are exposed to the intranet only or via VPN, so it is OK to have the default SSH configuration set up.

If you need to expose Gitorious, then it makes sense to disable SSH and go with HTTPS if you don't want to expose SSH to the Internet. Otherwise, you should probably disable password authentication for all users. It would also be a great idea to disallow SSH login with the root account and create another one for logging in instead. Not that SSH is unreliable, but these are best practices if your security concerns are high.

I just think that is not the usual case. Especially because Gitorious still doesn't support private repositories adequately, so who would like to expose their private source code to the web?
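The two hardening steps recommended in the message above (disable password authentication, forbid root login) as an added check that is not part of the original thread: a POSIX shell function that reads an sshd_config the way sshd does and reports the settings that still need changing. Both sample config files are constructed; the file path is assumed to be passed as an argument.

```shell
# Added example (not from the thread): audit an sshd_config for
# PasswordAuthentication no and PermitRootLogin no.
# Constructed sample: an untouched default install (password auth still on,
# root login left at the commented-out default).
DEFAULT_CONFIG="$(mktemp)"
cat > "$DEFAULT_CONFIG" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
EOF

# Constructed sample: the same file after applying the recommended changes.
HARDENED_CONFIG="$(mktemp)"
cat > "$HARDENED_CONFIG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
trap 'rm -f "$DEFAULT_CONFIG" "$HARDENED_CONFIG"' EXIT

# effective_value FILE KEY: print the value sshd would use for KEY, or nothing
# if it is unset. sshd keeps the first occurrence of a keyword and ignores
# comment lines; settings after a Match line are conditional, so stop there.
effective_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && !found { v = $2; found = 1 }
        END { print v }' "$1"
}

# audit_sshd FILE: print one finding per weak setting; return 0 if hardened.
audit_sshd() {
    f="$1"; rc=0
    pw="$(effective_value "$f" PasswordAuthentication)"
    root="$(effective_value "$f" PermitRootLogin)"
    # An unset keyword falls back to OpenSSH's default, which permits passwords.
    if [ "$pw" != "no" ]; then
        echo "PasswordAuthentication is '${pw:-unset}'; set it to 'no'"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '${root:-unset}'; set it to 'no'"; rc=1
    fi
    return $rc
}

audit_sshd "$DEFAULT_CONFIG" || echo "default config needs changes"
audit_sshd "$HARDENED_CONFIG" && echo "hardened config is fine"
```

On a live host, `sshd -T` prints the effective configuration in lowercase keyword form, and the same function accepts that output.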
