Hello: I just want to be sure that I have not make any potential security boo-boo here while setting CVS over SSH with no shell access. So far, so good, but please CMIIW.
1. Is it considered a security risk to put the root into the /var/www/cvs/ (web) directory while protecting the CVSROOT/ directory? 2. Is it considered a problem to share one CVS server account with several cvs (external) users? 3. I have set "PasswordAuthentication no" on the CVS server /etc/ssh/sshd_config file. 4. I have add a 'command=3D"/usr/bin/cvs server" ssh-rsa RSAKEY' line for each user into a CVS server account's ~/.ssh/authorized_keys file. 5. Is there anything in the CVSROOT/ directory that I have to fidle ? References: http://www.e-smith.org/docs/howto/cvs_ssh_howto.html http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/CVS-RCS-HOWTO.html http://www.cvshome.org/docs/manual/cvs-1.11.6/cvs.html http://www.kitenet.net/~joey/sshcvs/ http://ami.scripps.edu/software/cvs/ http://lists.debian.org/debian-user/2003/debian-user-200306/msg01962.html http://lists.debian.org/debian-user/2003/debian-user-200306/msg02154.html http://www.mail-archive.com/kiss%40worldless.net/msg03402.html Thank you very much to all who have helped me, including Mike Mueller, P.Y. Adi Prasaja, dan Bob Proulx. -- Abdul Latip -- Angkasa Internet Junior Staff -- ANGIN.com http://people.WebIndonesia.com/dullatip/ ---------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
