Thus said Warren Young on Fri, 22 Jan 2016 07:44:14 -0700:
> This is what I meant when I said that I don't see that SSH keys have
> anything to do with it.
It does if you don't have root access to /etc/ssh/sshd_config, or if you
don't want to constantly modify /etc/ssh/sshd_config whenever
Thus said Stephan Beal on Fri, 22 Jan 2016 11:04:21 +0100:
> That belongs in a cookbook/howto, if it's not already. :)
I've been meaning to ask if the script would be appropriate in the
Fossil repository /tools directory with perhaps a Wiki page or embedded
document that discusses how to
Thus said Warren Young on Fri, 22 Jan 2016 08:37:28 -0700:
> > echo "Usage: $0 []
>
> Aren't you supposed to be passing $fossilbin in the ForceCommand
> value?
Yes, the script I gave as an example is not exactly the same as the
suggested usage. My apologies. The script
On Fri, Jan 22, 2016 at 7:05 AM, Andy Bradford
wrote:
> ...
With an SSH key, you can use the ForceCommand to cause SSH to run
> something other than ``fossil test-http''
>
> For example, you could do:
>
...
That belongs in a cookbook/howto, if it's not already.
On Fri, Jan 22, 2016 at 4:56 AM, Warren Young wrote:
> H, I hadn’t even considered how privileges were enforced in the SSH
> case. I guess it’s just logging in and modifying a local Fossil DB on the
> server, right?
>
Right. Any time fossil runs against a local file, the
On Jan 21, 2016, at 11:05 PM, Andy Bradford wrote:
>
> Here is a sample of what might go into fossilwrapper:
I’ve studied this, and ended up with a bunch of questions about why you wrote
it as you did:
> ForceCommand /home/fossil/bin/fossilwrapper wyml
[snip]
>
On 1/21/16, Warren Young wrote:
>
> TLS isn’t sounding so bad after all.
Stunnel4 (https://www.stunnel.org/index.html) works well for me.
--
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
On Jan 21, 2016, at 11:05 PM, Andy Bradford wrote:
>
> Technically, using SSH keys isn't strictly necessary. You can
> use ForceCommand on a per SSH user basis
This is what I meant when I said that I don’t see that SSH keys have anything
to do with it.
Is there a way to allow public HTTP access to a Fossil repo for unprivileged
users only (anonymous, nobody) but make Fossil refuse to do anything sensitive
over HTTP, to force all such traffic over SSH or local DB connections?
That is, could I allow anonymous to clone over HTTP, but if you’re
On 1/21/16, Warren Young wrote:
> Is there a way to allow public HTTP access to a Fossil repo for unprivileged
> users only (anonymous, nobody) but make Fossil refuse to do anything
> sensitive over HTTP, to force all such traffic over SSH or local DB
> connections?
Under
On Jan 21, 2016, at 8:38 PM, Andy Bradford wrote:
>
> One method would be to not have any user accounts on the public facing
> HTTP repository. Then setup your SSH access repository location.
> Finally, configure a cronjob that does ``fossil pull'' into the
Thus said Warren Young on Thu, 21 Jan 2016 14:29:53 -0700:
> Is there a way to allow public HTTP access to a Fossil repo for
> unprivileged users only (anonymous, nobody) but make Fossil refuse to
> do anything sensitive over HTTP, to force all such traffic over SSH or
> local DB
Thus said Warren Young on Thu, 21 Jan 2016 20:56:54 -0700:
> H, I hadn't even considered how privileges were enforced in the
> SSH case. I guess it's just logging in and modifying a local Fossil DB
> on the server, right?
Right, SSH treats the file as local. Specifically, the SSH command
13 matches
Mail list logo