I'd like to switch to using ssh at least for some stuff.. It'd be nice
if I could simplify the nt cvs by using it. However I have the
following
requirements, that don't seem to be met yet (it's probably buried in the
ssh docs somewhere?)
1. It is an absolute requirement that the ssh users don't have equate to
real users on the server. How do you make an sshd that uses a different
passwd file to the system one? (This is an NT thing... Once a user has
a userID he can log in. There is no practical way to stop him -
removing
'interactive' priveledges only makes it a bit harder).
2. How do you stop cvs-ssh asking for a password for every command that
you issue? It's really annoying. Can someone implement 'cvs login' for
ssh so it stores the password and feeds it to the ssh process? (Again,
an NT thing - rsa authentication is impossible for reasons I outlined
in another post).
I could probably get issue 2 by hacking the sshd source so it
stored a local list of usernames and a list of 'plain text' passwords
for remote logins. However with something like this if the server is
compromised so are all your users' passwords (also, keeping them in
sync is a nightmare).
Tony
