-----BEGIN PGP SIGNED MESSAGE-----
In <[EMAIL PROTECTED]>, on 06/11/99
at 09:57 AM, "Perry E. Metzger" <[EMAIL PROTECTED]> said:
>"William H. Geiger III" <[EMAIL PROTECTED]> writes:
>> >> Can this be set up so the ssh client only has access to the CVS
>> >> server and not the entire system?
>>
>> >It could, but do you really trust cvs itself to be completely free of
>> >security holes and such? I don't. I'd suggest finding another way to do
>> >what you want instead of this.
>>
>> Well now I am getting conflicting info on the capabilities of SSH. Setting
>> aside the CVS issue is it possible to set up SSH so I can restrict a
>> subset of users to specific ports on the machine?
>Not easily, but you *can* easily restrict certain users to certain
>programs. However, as I've noted, cvs itself is not very secure. I'm not
>sure I would trust the overall resulting setup.
>If the goal is simply to permit widespread authenticated access to the
>sources, perhaps other methods would work better.
Actually my goal is to provide access to a CVS (or other comparable
program) to a limited set of users for a project that I am working on. I
was hoping to use SSH for user authentication and also to provide an
encrypted link for the transfer of source code in and out of the CVS
database.
My other thought was to operate CVS via e-mail and use PGP for
authentication and encryption. This seems a slower and less optimal means
of checking in and out source code but security is a primary goal. Do you
know if anyone has written an e-mail interface for CVS or will I need to
write some scripts? :)
I am rather surprised that no one has looked into providing the type of
functionality I outlined in my previous message to SSH.
tks,
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
Hi Jeff!! :)
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i OS/2 for non-commercial use
Comment: Registered_User_E-Secure_v1.1b1_ES000000
Charset: cp850
wnUDBQE3YUTD0fdTsSGZnTUBAY/SAwDkLRmUn8P1vkhfX4cyRHSd2qZxDcW1lacR
KbxqF9gWZuc6eje6GNS30BtGlAFZCmLohOzEtpI+yG5Iam3pzbZ728oph9V8Sx9i
sEtAN9lW53Tz2JdW64ZYu06/6N/rQcE=
=mOKa
-----END PGP SIGNATURE-----
