* Peter Jay Salzman ([EMAIL PROTECTED]) spake thusly:
> i'd like to make some code available to collaborators via cvs.  it appears
> that i have a choice to make:
> 
> 1. use pserver
> 
> 2. use "ext" (ssh)
> 
> i just found out that using method 2, you can't assign a shell of /bin/false.
> cvs won't work.   so option 2 also means "giving a shell account on my
> machine".
> 
> both these options seem insecure.  i have to admit, i'm really not crazy
> about giving out shell accounts.
> 
> any thoughts?  is pserver really as insecure as dpkg claims in the
> configuration of the package?

Yes, pserver sends everything in the clear and all that.
Edit /etc/shadow and set your cvsuser's password to NP
(or whatever Debian uses to disable logins). Let your
users download the *private* key of cvsuser. Set up cvsuser
account so that ssh logins can only run cvs.

E-mail me if you want details.

Dima
-- 
Well, lusers are technically human.                            -- Red Drag Diva
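
One way to do the "ssh logins can only run cvs" step from the reply above, as an added example that is not part of the original message: an sshd forced-command wrapper for the cvsuser key. The wrapper path `/usr/local/bin/cvs-only`, the function names and the key placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the shared "cvsuser" key.
# Assumed (hypothetical) install path: /usr/local/bin/cvs-only
#
# Assumed entry in ~cvsuser/.ssh/authorized_keys (one line, key is a placeholder):
#   command="/usr/local/bin/cvs-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <PUBLIC-KEY> collaborators
#
# sshd runs the forced command through the account's login shell, so the
# shell has to stay a real one; the disabled password in /etc/shadow and
# this wrapper are what keep the account from being used as a shell account.

# Return 0 only for the exact command the CVS client's :ext: method
# sends to the remote side ("cvs server"); anything else is refused.
cvs_only_check() {
    case "$1" in
        "cvs server") return 0 ;;
        *)            return 1 ;;
    esac
}

# Serve CVS, or log the refused request and close the session.
cvs_only_main() {
    # SSH_ORIGINAL_COMMAND is unset for an interactive login attempt.
    requested="${SSH_ORIGINAL_COMMAND:-}"
    if cvs_only_check "$requested"; then
        # Run a fixed command line; never pass the client's string to a shell.
        exec cvs server
    fi
    logger -t cvs-only -p auth.warning \
        "refused from ${SSH_CLIENT:-unknown}: ${requested:-<interactive login>}"
    echo "This account only serves CVS." >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session it starts; do nothing when
# the file is merely sourced or run by hand outside an ssh session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    cvs_only_main
fi
```

Collaborators then set `CVS_RSH=ssh` and use a `:ext:cvsuser@host:/path/to/repository` CVSROOT as usual; any other command sent over that key is logged and dropped.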
