[lug] CVS access only

Scott A. Herod herod at interact-tv.com
Thu Mar 15 14:45:23 MST 2001

Can I ask a question about this?

I think I've done what you suggested.  To make sure I understand what
this is doing; 

The "command" option forces that command to be run when a connection
from the machine with the given key occurs.  The /etc/YOU_CANT_LOGIN 
script is still necessary to keep them from changing their local
version of the key.  ( I guess I'll have to have them send me the
contents of their public identity file so I can append those. )

Finally, below you have "/usr/local/bin/cvs server".  That's all that's

Thanks again for your help,


Tom Tromey wrote:
> >>>>> "Scott" == Scott A Herod <herod at interact-tv.com> writes:
> Scott>   I'm trying to set up a CVS site that is accessible through
> Scott> ssh to some specific networked users but I don't won't them to
> Scott> have login access.  Is there a standard way to do that?
> Yes, there is.  We do this on sources.redhat.com.
> First disable all the login services except sshd.
> Then in the user's .ssh/authorized_keys, instead of just the key, put
> this:
> no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/local/bin/cvs server" ... rest of key here ...
> Read the sshd man page (I imagine) for more info on how this works.
> Tom

More information about the LUG mailing list