Hi, Yep, that's right?
The shell is configured using: our $sys_shell="/usr/local/bin/sv_membersh"; in /etc/savane/savane.conf.pl (it's not easy to discover that given the current state of the installation process, indeed) -- Sylvain On Thu, Apr 17, 2008 at 10:35:18PM +0200, Aleix Conchillo Flaqué wrote: > I see. Now I understand what you meant in the previous mail, that is > not use the "command=", but add hg-ssh in sv_membersh, is that right? > I thought you said using "command=" was a good idea, my > misunderstanding, sorry. > > Where do you tell that the user shell is sv_membersh? > > Thanks in advance, > > Aleix > > On Thu, Apr 17, 2008 at 10:12 PM, Sylvain Beucler <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I don't think it's interesting to use "command=" from .ssh/authorized; > > sv_membersh is doing this job at the shell level (that is, the users' > > shell is /usr/local/bin/sv_membersh instead of /bin/bash). This works > > in other contexts than SSH. > > > > Note that what you allow in "command=" is also subject to shell > > restrictions (that is, to sv_membersh's filters). > > > > -- > > Sylvain > > > > > > > > On Thu, Apr 17, 2008 at 09:06:38AM +0200, Aleix Conchillo Flaqué wrote: > > > On Tue, Apr 15, 2008 at 9:10 PM, Sylvain Beucler <[EMAIL PROTECTED]> > > wrote: > > > > Hi, > > > > > > > > Good idea. Try to see if you can modify backend/account/sv_membersh.in > > > > in this regard. > > > > > > > > "cd /srv/hg/project" is a good idea, it permits to avoid the /srv/hg > > > > path. Too bad I didn't think of this for SVN and Git at Savannah ;) > > > > > > > > > > I have added automatic authorized_keys command modification in this > > commit: > > > > > > > > http://github.com/aleix/savane-cleanup/commit/0062cd754fcde31519e7460d0058266df31b04e7 > > > > > > I have modified sv_users.in instead of sv_membersh.in, because there > > > where the UserAddSSHKey calls are found. I have added and extra > > > argument for the ssh command to execute. It can be empty and only the > > > key will be saved (as before). > > > > > > I have added a new file sv_ssh_access.in that only executes > > > SSH_ORIGINAL_COMMAND (seems to work fine). > > > > > > I have also solved an issue when adding ssh keys. It seems that NULL > > > (i.e. when user has no ssh keys) were returned as 0, and the current > > > checks did not handle it, so the authorized_keys file was created with > > > a 0. > > > > > > May be an extra configuration file would be better, indicating whether > > > to use authorized_keys command or not. Or we could leave it like that > > > and add a configuration file (when needed) for the sv_ssh_access > > > script. > > > > > > And other thing I've seen, is that tabs are used. Is this the default? > > > I'd rather use spaces as as tabs are not very friendly (diffs, > > > printing, different tab settings, etc.). > > > > > > Any comments would be welcome. > >
