[svlug] CVS SSH server security

[Tim Utschig]

On Tue, Mar 06, 2007 at 03:13:22PM -0800, Bill Ward wrote:
> Sourceforge lets you have a "ssh" account that enables you to run CVS
> commands, but not get a regular shell account.  I have a need for this
> behavior on a CVS server under our control.   For example, I don't
> want people to be able to delete files from the repository (outside of
> what the "cvs rm" command does).  Does anyone here know how this is
> done?

Maybe rssh is what you're looking for?

    http://www.pizzashack.org/rssh/

<quote what="apt-cache show rssh">
    Restricted shell allowing only scp, sftp, cvs, rsync
    and/or rdist rssh is a restricted shell to be used as a substitute
    of the login shell to allow users to perform only
    scp/sftp/cvs/rsync,rdist operations.
    .
    The security implications are high, so the home directories have
    to be set following the instructions provided.
</quote>

-- 
   - Tim Utschig <tim at tetro.net>