%META:TOPICINFO{author="RizwanKassim" date="1108022987" format="1.0" version="1.2"}%
%META:TOPICPARENT{name="WineCVS"}%
How to set up a restricted SSH account using hostkeys so that only CVS can run...

Excellent for webservers, university accounts and other places where you don't have root.

AFAIK, this only works with !OpenSSH. The guide implicitly uses SSH2.

   * First, generate your session keys on the CVS 'server'
      * I use quotes here, because the server is actually an SSH server; CVS server implies pserver, which isn't what we are doing at all.
      * Run 'ssh-keygen -t rsa' (or dsa) to generate a hostkey. Set up a password if you'd like. Keep note of where the keys are stored (or put them into another location so they don't mess up any keys you actually have.)
      * Edit the .pub file generated, putting 'command="cvs server "' in front of the 'ssh-dss' or 'ssh-rsa' string. (Write the appropriate path to cvs if it isn't in your path.)
      * Combine the pub file with your existing ~/.ssh/authorized_keys2 file. (If you don't have one already, just rename it.)
      * chmod the key file 600
   * On any machine that you wish to give SSH access:
      * Give them the id_rsa or id_dsa file generated (feel free to rename it to descriptivename.key).
      * Modify the ~/.ssh/config file, adding:

         Host (CVS server name)
         User (The Username you Generated the Key under)
         !IdentityFile (Path to the aforementioned .key file)

      * Finally, have them set CVS_RSH=ssh and CVSROOT=:ext:username@server:CVSROOTPATH, where CVSROOTPATH is the path to your CVSROOT on the server.
   * Voila! Now you can run cvs <command> <package> and it will connect to the server via ssh, *only* permit them to use cvs (Yay for security!) and disconnect!
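
The server-side steps above, as an added example that is not part of the original guide: one function prefixes a public key with the forced command, another audits an authorized_keys2 file for entries that are not locked down. It assumes OpenSSH; the names `CVS_OPTS`, `restrict_pubkey`, `audit_keys` and `sample_keys` are hypothetical, the extra `no-*` options go beyond the `command=` setting the guide describes, and the sample keys are constructed.

```shell
#!/bin/sh
# Added example. The options after command= are an assumption beyond the page:
# they also switch off forwarding and terminals for the CVS-only key.
CVS_OPTS='command="cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# Read one bare public key line on stdin and print it with CVS_OPTS in front.
# Lines that already carry options (or are not keys) are refused.
restrict_pubkey() {
    read -r keyline || [ -n "$keyline" ] || return 1
    case "$keyline" in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *)
            printf '%s %s\n' "$CVS_OPTS" "$keyline" ;;
        *)  echo "not a bare public key line" >&2; return 1 ;;
    esac
}

# Report key entries (by line number) that are not pinned to "cvs server" or
# that still allow port forwarding. Reads the named file, or stdin if none.
# Assumes the forced command is the first option and the other options have
# no quoted values; entries written any other way are reported for review.
audit_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        !match($0, /^command="cvs server ?"(,[-A-Za-z0-9]+)* /) {
            print NR ": no forced cvs command"; bad = 1; next
        }
        !index(substr($0, 1, RLENGTH), "no-port-forwarding") {
            print NR ": forwarding still allowed"; bad = 1
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample file contents; the key material is fake.
sample_keys() {
    echo '# constructed sample authorized_keys2'
    echo 'command="cvs server ",no-port-forwarding ssh-rsa AAAAB3FAKE1 cvs-user-1'
    echo 'command="cvs server " ssh-dss AAAAB3FAKE2 cvs-user-2'
    echo 'ssh-rsa AAAAB3FAKE3 unrestricted-login'
}

sample_keys | audit_keys || true
```

A forced command by itself leaves port, X11 and agent forwarding available to whoever holds the key, which is why the audit reports the second sample entry as well as the unrestricted one.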

Any questions, feel free to email me.

Installation description is here: WineCVS

-Rizwan Kassim


-- Main.RizwanKassim - 16 Jan 2005
