Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-23 Thread Andy Bradford
Thus said Warren Young on Fri, 22 Jan 2016 07:44:14 -0700:
> This is what I meant when I said that I don't see that SSH keys have
> anything to do with it.
It does if you don't have root access to /etc/ssh/sshd_config, or if you don't want to constantly modify /etc/ssh/sshd_config whenever

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-23 Thread Andy Bradford
Thus said Stephan Beal on Fri, 22 Jan 2016 11:04:21 +0100:
> That belongs in a cookbook/howto, if it's not already. :)
I've been meaning to ask if the script would be appropriate in the Fossil repository /tools directory with perhaps a Wiki page or embedded document that discusses how to

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-23 Thread Andy Bradford
Thus said Warren Young on Fri, 22 Jan 2016 08:37:28 -0700:
> > echo "Usage: $0 []"
>
> Aren't you supposed to be passing $fossilbin in the ForceCommand
> value?
Yes, the script I gave as an example is not exactly the same as the suggested usage. My apologies. The script

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-22 Thread Stephan Beal
On Fri, Jan 22, 2016 at 7:05 AM, Andy Bradford wrote:
> ... With an SSH key, you can use the ForceCommand to cause SSH to run
> something other than ``fossil test-http''
>
> For example, you could do:
> ...
That belongs in a cookbook/howto, if it's not already.

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-22 Thread Stephan Beal
On Fri, Jan 22, 2016 at 4:56 AM, Warren Young wrote:
> H, I hadn’t even considered how privileges were enforced in the SSH
> case. I guess it’s just logging in and modifying a local Fossil DB on the
> server, right?
>
Right. Any time fossil runs against a local file, the

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-22 Thread Warren Young
On Jan 21, 2016, at 11:05 PM, Andy Bradford wrote:
>
> Here is a sample of what might go into fossilwrapper:
I’ve studied this, and ended up with a bunch of questions about why you wrote it as you did:
> ForceCommand /home/fossil/bin/fossilwrapper wyml
[snip]
>

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-22 Thread Richard Hipp
On 1/21/16, Warren Young wrote:
>
> TLS isn’t sounding so bad after all.
Stunnel4 (https://www.stunnel.org/index.html) works well for me.
--
D. Richard Hipp
d...@sqlite.org

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-22 Thread Warren Young
On Jan 21, 2016, at 11:05 PM, Andy Bradford wrote:
>
> Technically, using SSH keys isn't strictly necessary. You can
> use ForceCommand on a per SSH user basis
This is what I meant when I said that I don’t see that SSH keys have anything to do with it.

[fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Warren Young
Is there a way to allow public HTTP access to a Fossil repo for unprivileged users only (anonymous, nobody) but make Fossil refuse to do anything sensitive over HTTP, to force all such traffic over SSH or local DB connections? That is, could I allow anonymous to clone over HTTP, but if you’re

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Richard Hipp
On 1/21/16, Warren Young wrote:
> Is there a way to allow public HTTP access to a Fossil repo for unprivileged
> users only (anonymous, nobody) but make Fossil refuse to do anything
> sensitive over HTTP, to force all such traffic over SSH or local DB
> connections?
Under

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Warren Young
On Jan 21, 2016, at 8:38 PM, Andy Bradford wrote:
>
> One method would be to not have any user accounts on the public facing
> HTTP repository. Then setup your SSH access repository location.
> Finally, configure a cronjob that does ``fossil pull'' into the

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Andy Bradford
Thus said Warren Young on Thu, 21 Jan 2016 14:29:53 -0700:
> Is there a way to allow public HTTP access to a Fossil repo for
> unprivileged users only (anonymous, nobody) but make Fossil refuse to
> do anything sensitive over HTTP, to force all such traffic over SSH or
> local DB

Re: [fossil-users] Restrict password authenticated operations to SSH?

2016-01-21 Thread Andy Bradford
Thus said Warren Young on Thu, 21 Jan 2016 20:56:54 -0700:
> H, I hadn't even considered how privileges were enforced in the
> SSH case. I guess it's just logging in and modifying a local Fossil DB
> on the server, right?
Right, SSH treats the file as local. Specifically, the SSH command