Paul Smith wrote:
> Leo Famulari wrote:
> > Bob Proulx wrote:
> > > Paul Smith wrote:
> > > > The current one works fine for me except that I really want HTTPS
> > > > support, which the current server doesn't provide.
> > >
> > > First let me ask why you want https access? It is terribly slow. You
> > > are a member and can use ssh. Why not use ssh access? There is no
> > > advantage to using https over ssh but there are many disadvantages.
> > > It is really only a last ditch fallback method.
>
> Sorry Bob, somehow I either never got or accidentally deleted your
> reply :(.

Yep. My mail. Right into the spam folder. :-)

> The access is not for me; I do indeed use SSH. As Leo points out the
> access is for anonymous read-only access that is secure and proof
> against MitM attacks.

Thorsten Glaser poked us in relation to deprecating the cvs pserver
support to use anonymous ssh (traditionally anoncvs) for this type of
access. See https://www.openbsd.org/papers/anoncvs-slides.pdf . What
would you think of using anonymous instead? I think that would be a
superior way to go.

And for everyone else please consider the ramifications of allowing
empty passwords. In particular is there a PAM configuration for empty
passwords for only a single user rather than globally? If you already
have a secure setup for this please let me know. (I already know how
to configure sshd for "Match User anonymous; PermitEmptyPasswords yes"
for just one user. But I am not well versed with PAM configuration.)

> I'm not asking for _authenticated_ HTTPS support, just anonymous access
> over HTTPS. More straightforwardly, I'm looking for HTTPS as an
> alternative to our current HTTP support, not an alternative to our
> current SSH support.

Whew! You had me worried there. But I think many people are looking
for it as an ssh replacement. In an attempt to do 100% of everything
over https.

Bob
