On Tue, Jul 19, 2011 at 10:30 PM, Andy Canfield <andy.canfi...@pimco.mobi> wrote:
> For example, I am on a Linux box named Lenny, logged in as 'andy'. I can ssh > to hk.pimco.mobi as user 'andy', password 'psuedo'. But I don't want to. > Instead, I would like to run the command: > svn ... http://hk.pimco.mobi/svn/RepoName --username=andy > --password=psuedo Whoa there nelly. You're mixing apples and oranges and kumquats. Go right over to the Red Book, and read the descriptions of *each* of HTTP, svnservee, and svn+ssh. Keep them distinct. > But this does not match what you are telling me. Apparently my brain is > pointed 89 degrees off from the direction your brain is pointed. Please > point me in the right direction. See the explanations at http://svnbook.red-bean.com/. They go into much more depth than we can here. > Thank you. > >> The only well supported solution to this, so far, is to use SSH keys >> for a shared account, and to use those keys to use a forced "command" >> for that shared account, a "command" that enforces the user's name for >> that particular svnserve instance. >> >> I've previously tried, myself, to help set up a restricted shell for >> just such access, starting with the "rssh" tool, but didn't get very >> far. That would be a significant security improvement, and help >> protect the rest of the OS from unauthorized access with valid >> Subversion logins with Kerberized or other account access, rather than >> SSH keys. >> >