Fw: need to force username of cvs 'action' when using shared SSH account
From: Keith Refson
Subject: Fw: need to force username of cvs 'action' when using shared SSH account
Date: Wed, 05 May 2004 10:26:24 +0100
User-agent: Mozilla Thunderbird 0.5 (X11/20040229)

I'm making a great effort not to be sarcastic in this response. There's
a genuine argument to be made here and I hope that there may be one or
two readers who can be convinced by reasonable debate. I'm not
interested in just having an argument, but in making a case.

Greg Woods wrote:
> I just cannot possibly ever even conceive of anyone using a "shared SSH
> account".

Since Jennifer Vesperman, the author of "Essential CVS", I and a few
other posters obviously can conceive of such a thing I respectfully
suggest this comment demonstrates a lack of imagination.

> The very concept is entirely antithetical to the goals of SSH and
> computing security in general.

With a shared SSH account you have a complete audit trail of who logged
in when. No passwords are involved at all, even encrypted. This gives a
far higher degree of security than passwords would. You have the ability
to prevent users changing their environment to prevent subversion of any
restrictions you might want to place on the account. You have the
ability to specify *exactly* what command gets executed. And you can
use this from an account running a restricted shell (recommended for
applications like CVS which make no claims to implement a security model
-- please correct me if I am wrong about this). If you have very high
security requirements you could even do this from a CHROOTed
environment.
Please explain how any of these capabilities are "antithetical to the
goals of SSH". Because I genuinely don't see how.

> You may as well just use pserver in the clear and be very explicit and
> forthright about your total lack of security.
> [[ And yes, I do intend that comment to be very sarcastic. ]]

I still maintain and believe I have demonstrated that you can do better
than that using a shared ssh mechanism. Perhaps it would be easier to
comprehend if we dropped the word "account" and its baggage of
associations from the discussion. Perhaps a better way of thinking
about it is establishing a public-key authentication mechanism to allow
precisely controlled access to a resource.
Keith Refson
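
The per-key forced command and audit trail discussed in the message above, sketched as an added example that is not part of the original post or of CVS. The wrapper path, the developer labels and the key placeholders are assumptions; the `authorized_keys` options and `SSH_ORIGINAL_COMMAND` are standard OpenSSH.

```shell
#!/bin/sh
# Forced-command gate for a shared CVS account (added example).
# Wiring: one line per developer in the shared account's authorized_keys.
# The path /usr/local/bin/cvs-gate and the key material are placeholders:
#   command="/usr/local/bin/cvs-gate alice",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <ALICE_PUBLIC_KEY>
#   command="/usr/local/bin/cvs-gate bob",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <BOB_PUBLIC_KEY>
# sshd runs the command= string instead of what the client asked for and
# hands the client's request to it in SSH_ORIGINAL_COMMAND.

# cvs_gate LABEL ORIGINAL_COMMAND
# Prints one audit line and returns 0 only when a well-formed label asks
# for exactly "cvs server" (what a CVS client sends over :ext:).
cvs_gate() {
    label=$1
    request=$2
    case $label in
        ''|*[!a-z0-9_-]*)
            echo "deny label=invalid"
            return 1 ;;
    esac
    if [ "$request" = "cvs server" ]; then
        echo "allow label=$label request=cvs-server"
        return 0
    fi
    # The raw request is client-controlled text, so it is not echoed.
    echo "deny label=$label request=other"
    return 1
}

# A deployed wrapper would call:
#   cvs_gate "$1" "$SSH_ORIGINAL_COMMAND" | logger -t cvs-gate
# and exec "cvs server" only on success. Here the gate is run on
# constructed sample requests instead.
cvs_gate alice "cvs server" || true
cvs_gate bob "/bin/sh -i" || true
cvs_gate alice "cvs server; id" || true
```

Because the label comes from the `authorized_keys` line that matched the key, not from the client, each audit line ties a request to one developer's key even though all of them log in to the same account.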