Peter Jay Salzman writes: > begin: Joey Hess <[EMAIL PROTECTED]> quote > > Peter Jay Salzman wrote: > > Read http://kitenet.net/programs/sshcvs > > > > It uses plain-text passwords, which is pretty insecure, yes. > > joey, i have no problem with plain text passwords. > > just as long as they can't get _shell access_ with that password.
As long as you have, in the authorized_keys file (it could be authorized_keys2 for older versions of ssh) for your anonymous cvs user, right before the key, something like command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty you should be okay. This would amount to no shell access, and no ability to forward ports or anything like that, and the only allowed command would be to run cvs. The only difference between the line above and the line given in kitenet.net is the no-pty option, which should probably be in there. Andrew.
