Hi,
I have been trying the limited Mercurial pull/push access using the hg-
ssh script and it works fine. The authorized_keys file must look like
this:
command="cd /srv/hg/project && hg-ssh . *" ssh-rsa .....
With "." we solve a single repo and with "*" we also solve multiple
subrepos.
So, what's the problem? The problem is that now only mercurial
commands are allowed. With the options available, the hg-ssh script
seems the cleanest way to solve the ssh access, so I think it would be
great to use it.
How? I've been thinking on creating a general ssh script, let's say
sv_ssh_access. So in the authorized_keys we would have:
command="sv_ssh_access" ssh-rsa ....
The script would need to check for the command passed via ssh
(SSH_ORIGINAL_COMMAND) and do whatever (e.g. call hg-ssh). It would
also be useful to display "Out of service" messages or anything else
we could imagine.
I have tried it with a simple python script that calls hg-ssh:
-----------
#!/usr/bin/env python
import os
os.chdir("/var/srv/hg/sources/test_project")
os.system("hg-ssh . *")
-----------
Now, the script could be just (which also works fine):
-----------
!/bin/sh
exec $SSH_ORIGINAL_COMMAND
-----------
It's just an idea.
Aleix
