> There are three basic mechanisms you may use: > > a) $HOME/.ssh/authorized_keys may contain the following option: > > command="command" > Specifies that the command is executed whenever this key is used > for authentication. The command supplied by the user (if any) is > ignored. The command is run on a pty if the client requests a > pty; otherwise it is run without a tty. If an 8-bit clean chan- > nel is required, one must not request a pty or should specify no- > pty. A quote may be included in the command by quoting it with a > backslash. This option might be useful to restrict certain pub- > lic keys to perform just a specific operation. An example might > be a key that permits remote backups but nothing else. Note that > the client may specify TCP/IP and/or X11 forwarding unless they > are explicitly prohibited. Note that this option applies to > shell, command or subsystem execution. > > where command could be set to be '/usr/bin/cvs' (or whatever). > > This mecanism is probably the most common. A web server or similar > running on the cvs server box might let you submit an ssh public key > to be used and it would setup the user account with the appropriate > command= provided. >
tnx, for now this what i did: for example: 1. SSH if u put test: ... :/var/lib/cvs:usr/bin/cvs in the /etc/passwd file U cant connect using ssh to the cvs server (the cvs command alone is not enough, dont ask me why, but i suppose it also needs things like ls, mkdir, scp ..) so the only way is to use a restricted shell instead of /usr/bin/cvs but then again, the user has shell access (maybe use chroot or something) so i'm not using this, but i'm using the following 2. pserver and stunnel why? no shell, secure connection.. maybe it would be a good idea to have a config file like you have for example for postgresql (pg_hba.conf), where you can put who can connect in which way (including ident, pam, md5, krb5..) to the server Wim Bertels _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
