| | --=-GomcteejOnwv9ANMXz7y | Content-Type: text/plain | Content-Transfer-Encoding: quoted-printable | | On Tue, 2005-08-09 at 10:29 +0300, Jari Aalto wrote: | > It would be good if the default jail script also populated | >=20 | > $CVSDHOME/.ssh/ | >=20 | > with appropriate files to that the admin could add the SSH keys | > ( .ssh/authorized_keys2 ). This method of accessing cvsd should also | > be documented in /us/share/doc/cvsd/* (README.Debian?) | | I'm not really sure what you want with a ssh client configuration | directory in the chroot jail. I'm also not sure what extra protection | this accessing a cvs pserver over ssh buys you (over direct cvs access | with the ext method). | | Could you provide some more information?
I misunderstood the location that is used by ssh. It appears that ssh is invoked first and then cvsd, so there is no need for $CVSDHOME/.ssh/ - just regular SSH account and $HOME/.ssh will do. As for the protection: the idea is to offer minimum ports to the Net. So instead of visible ports 2401 and 22, the intruder only sees 22. The services that are offered are behind the firewall. It's a kind of multilayered locks. You must first get through SSH to get access to other services. Another thing is added encryption (cvs uses cleartext). Jari -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
