CMIIW: CVS over SSH with no shell access
Hello:
I just want to be sure that I have not make any potential security
boo-boo here while setting CVS over SSH with no shell access. So
far, so good, but please CMIIW.
1. Is it considered a security risk to put the root into the
/var/www/cvs/ (web) directory while protecting the CVSROOT/
directory?
2. Is it considered a problem to share one CVS server account with
several cvs (external) users?
3. I have set "PasswordAuthentication no" on the CVS server
/etc/ssh/sshd_config file.
4. I have add a 'command=3D"/usr/bin/cvs server" ssh-rsa RSAKEY'
line for each user into a CVS server account's
~/.ssh/authorized_keys file.
5. Is there anything in the CVSROOT/ directory that I have to fidle ?
References:
http://www.e-smith.org/docs/howto/cvs_ssh_howto.html
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/CVS-RCS-HOWTO.html
http://www.cvshome.org/docs/manual/cvs-1.11.6/cvs.html
http://www.kitenet.net/~joey/sshcvs/
http://ami.scripps.edu/software/cvs/
http://lists.debian.org/debian-user/2003/debian-user-200306/msg01962.html
http://lists.debian.org/debian-user/2003/debian-user-200306/msg02154.html
http://www.mail-archive.com/kiss%40worldless.net/msg03402.html
Thank you very much to all who have helped me, including Mike Mueller,
P.Y. Adi Prasaja, dan Bob Proulx.
--
Abdul Latip -- Angkasa Internet Junior Staff -- ANGIN.com
http://people.WebIndonesia.com/dullatip/ ----------------
Reply to: