Hi, I don't think it's interesting to use "command=" from .ssh/authorized; sv_membersh is doing this job at the shell level (that is, the users' shell is /usr/local/bin/sv_membersh instead of /bin/bash). This works in other contexts than SSH.
Note that what you allow in "command=" is also subject to shell restrictions (that is, to sv_membersh's filters). -- Sylvain On Thu, Apr 17, 2008 at 09:06:38AM +0200, Aleix Conchillo Flaqué wrote: > On Tue, Apr 15, 2008 at 9:10 PM, Sylvain Beucler <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Good idea. Try to see if you can modify backend/account/sv_membersh.in > > in this regard. > > > > "cd /srv/hg/project" is a good idea, it permits to avoid the /srv/hg > > path. Too bad I didn't think of this for SVN and Git at Savannah ;) > > > > I have added automatic authorized_keys command modification in this commit: > > http://github.com/aleix/savane-cleanup/commit/0062cd754fcde31519e7460d0058266df31b04e7 > > I have modified sv_users.in instead of sv_membersh.in, because there > where the UserAddSSHKey calls are found. I have added and extra > argument for the ssh command to execute. It can be empty and only the > key will be saved (as before). > > I have added a new file sv_ssh_access.in that only executes > SSH_ORIGINAL_COMMAND (seems to work fine). > > I have also solved an issue when adding ssh keys. It seems that NULL > (i.e. when user has no ssh keys) were returned as 0, and the current > checks did not handle it, so the authorized_keys file was created with > a 0. > > May be an extra configuration file would be better, indicating whether > to use authorized_keys command or not. Or we could leave it like that > and add a configuration file (when needed) for the sv_ssh_access > script. > > And other thing I've seen, is that tabs are used. Is this the default? > I'd rather use spaces as as tabs are not very friendly (diffs, > printing, different tab settings, etc.). > > Any comments would be welcome.
