If you go to an alternative SSH port, which is not that unusual, write and show them the restricted sshd_config to restrict access to only that specified service for only that specified user. No password logins, no normal shells, use the authorized_keys ForceCommand access only for that alternative service.

On Mon, Nov 25, 2013 at 5:43 AM, Daniel Shahaf <d...@daniel.shahaf.name> wrote:
> sbre...@hotmail.com wrote on Mon, Nov 25, 2013 at 10:24:16 +0000:
>> Correct, default SSH port is not open on the corporate firewall. I am
>> sure there are workarounds, however having contractual obligations not
>> sure I should try hard to be unorthodox.
>
> I still suggest that you try to run sshd. If you can't convince them to
> open port 22, try to convince them to run sshd on port 1022. That's not
> unorthodox, it's common practice for evading vulnerability scanners and
> root-login-attemptors.
>
> Daniel
>
>> SSH + SVN is my favourite and will stay with it as the primary access
>> method. If I could top it with HTTP access using the existing Unix
>> authentication and authorization framework, I would be more than happy.
>> After all Unix works for tens of years, why to change it???
>>
>> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as
>> the authenticated user, wonder if it is possible, or has any inadvertent
>> complications.
>>
>>
>> B.
>>
>> ----------------------------------------
>> > Date: Sat, 23 Nov 2013 01:07:16 +0200
>> > From: d...@daniel.shahaf.name
>> > To: sbre...@hotmail.com
>> > CC: users@subversion.apache.org
>> > Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
>> >
>> > sbre...@hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
>> >> I am very happy with the SSH + 'svnserve' access to my repositories,
>> >> however due to firewall issues I need access through HTTP as well.
>> >> What I do not want is to set up a 2nd authentication / authorization
>> >> database.
>> >
>> > What are the "firewall issues", exactly? Why can't you use svn+ssh?
>> > Can you run sshd on port 80 (which would allow you to use svn+ssh
>> > without httpd at all)?
>> >
>> > Daniel
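
An sshd_config along the lines described in the reply at the top of this message, as an added example that is not part of the original thread. It assumes OpenSSH 6.5 or later, a hypothetical account named svnuser, a hypothetical repository root /srv/svn, and port 1022 as suggested in the quoted message.

```conf
# Added example: dedicated sshd instance that serves svn+ssh only.
# Assumed names (not from the thread): account "svnuser", root /srv/svn.
Port 1022

# Key-based logins only: no passwords, no keyboard-interactive, no root.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
PermitRootLogin no

# Only the service account may log in through this daemon.
AllowUsers svnuser

# Nothing but the forced command: no shell, pty, forwarding or tunnels.
# Whatever command the client asks for is ignored; svnserve runs instead.
Match User svnuser
    ForceCommand svnserve -t -r /srv/svn
    PermitTTY no
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# Per-key alternative in ~svnuser/.ssh/authorized_keys, one line per
# committer, so each key maps to its own Subversion author name. Drop the
# ForceCommand line above in that case, because it overrides command=.
# The key material below is a placeholder.
#   command="svnserve -t -r /srv/svn --tunnel-user=alice",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> alice
```

Running `sshd -t -f <file>` checks the file for syntax errors before the daemon is started with it.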