Hi, There must be at least one operating system user for you to use ext with ssh because ssh is a remote login method. The purpose of ssh is to allow a user a remote login so it does not make sense to not have a user.
That being said, the ssh user account can be configured to have very limited permissions. The user's shell can be set to null in /etc/passwd and the user can be restricted from an interactive login session and can even be restricted to allow just a single command to be issued - namely cvs server based on sshd configuration. With all of this set up the remote user can't do much other than execute cvs commands on the server. -Mark ----- Original Message ----- From: "Lazy Dumbness" <[EMAIL PROTECTED]> To: "CVS-II Discussion Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, November 16, 2003 8:32 PM Subject: Re: Re: System username and :ext:/SSH > I also have a question.Maybe you have told about it but only I'm not > understand. I want to know,via :ext:/SSH,weather a user must be and > OS user?No matter how security the ssh is.I don't want give them > the OS account.The /CVSROOT/passwd file, :pserver: give a way needn't > system account but still can access the CVS repository.Is ssh also > can do so? I'm afraid it can't,because I tried but failed. > > > >[ On Sunday, November 16, 2003 at 11:22:41 (+0200), Stephen Biggs wrote: ] > >> Subject: System username and :ext:/SSH > >> > >> Is there a way to duplicate the behavior of the CVSROOT/passwd actions when > >> logging on with SSH? > >> > >> Specifically, if there is a system username alias in the passwd file, this > >> takes effect when logging on with a password. > >> > >> Is there a way to get that system username when accessing the repository using > >> SSH through :ext:? > > > >SSH is SSH. It's a true remote job execution protocol with the ability > >to enforce strong authentication and full Unix authorisation. Every > >SSH user is a real OS user. I.e. SSH makes it possible to use a remote > >CVS server with almost as much security as one would be able to achieve > >if everyone had to do all their CVS work directly on the machine where > >the CVS repository resides. You don't need, or want, anything to do > >with the flawed and totally insecure cvs-pserver functionality when > >you're using SSH properly. > > > >-- > > Greg A. Woods > > > >+1 416 218-0098 VE3TCP RoboHack <[EMAIL PROTECTED]> > >Planix, Inc. <[EMAIL PROTECTED]> Secrets of the Weird <[EMAIL PROTECTED]> > > > > > >_______________________________________________ > >Info-cvs mailing list > >[EMAIL PROTECTED] > >http://mail.gnu.org/mailman/listinfo/info-cvs > > > > > _______________________________________________ > Info-cvs mailing list > [EMAIL PROTECTED] > http://mail.gnu.org/mailman/listinfo/info-cvs > _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
