Jonathan Walther <[EMAIL PROTECTED]> said: > I finally got all the pieces together and tried to create an arch > repository on Savannah. > > What did I find? I could not. The error looked suspiciously similar to > one I'd seen before, one I had helped fix. > > I logged in and took a look at the sshd config file. As I suspected. > > Somehow, Savannah switched back to a version of the configuration file > that doesn't work. > > Can someone please restore it to a working version. I didn't expect a > lot from Savannah, because I know you admins are hard working and have > limited time because you are volunteers. > > But I have ship dates to meet, or my project will lose credibility. A > lot of people have been contributing to Xouvert, and the success of the > project reflects directly on them. > > It is important that Savannah support sftp access. > > The way Savannah is set up right now, chroot access for sftp is NOT > possible. > > Someone switched the sshd configuration to use the so-called "chroot" > version of the sftp subsystem. This does not work, it has never worked, > and it CANNOT work. Any project that wants to have an arch repository > needs it to work, including my project.
[/etc/ssh]# stat sshd_config File: "sshd_config" Size: 2046 Blocks: 8 IO Block: 4096 Regular File Device: 343h/835d Inode: 495289 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: Tue Sep 16 04:20:37 2003 Modify: Wed Apr 9 12:40:35 2003 Change: Tue Aug 5 09:39:47 2003 This file have not changed since April. > sftp has never yet been compromised, and the version of ssh on Savannah > is up to date. The directory permissions are set correctly. What is to > worry about? Noone is able to access anything with sftp they cannot > ALREADY access with ssh. Noone HAVE access with SSH but the Savannah administrator. That's probably a reason why Savannah has never been compromised. > Please, reenable the proper, working sftp subsystem. It won't > compromise system security, but what you currently have does > compromise system usability. I have software to ship. > > I hope this can be resolved amicably and swiftly. sftp never worked as it should, that's true (however it works for some users). Nobody is apparently able to provide sftp working in a secure way for the whole system and the sftp documentation is very poor. But Savannah do not currently support arch. While if some users find a way to use it on Savannah, there's no problem for us. But we cannot provide help for a service we do not offer. We plan to offer the choice between CVS and arch and subversion, but it's still a plan. And sftp is not supported either. We always knew it was somehow partly broken but it was just an extra tool to help users unfamiliar with rsync. It has never been designed to be a way to use arch. So if you have a nice solution to propose, we would be glad to ear it. Having the whole server wide browsable by savannah's users is not an option (too risky -- sourceforge has been compromised so many times by being so permissive). So if you have proposal to fix sftp with chrooted/jailed access, please provide information. If you don't, another solution is to propose a plan for the addition of arch support. You have a software to release, sure. But you cannot expect unsupported tools (both sftp and arch) to be our priority matter. Security of the whole system is the top priority matter, and having no chroot for sftp would disregard that priority. -- Mathieu Roy Homepage: http://yeupou.coleumes.org Not a native english speaker: http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english _______________________________________________ Savannah-hackers mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/savannah-hackers