Re: [Monotone-devel] db kill_rev_locally

From: Ethan Blanton
Subject: Re: [Monotone-devel] db kill_rev_locally
Date: Sat, 11 Oct 2008 21:35:13 -0400
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

Daniel Carrera spake unto us the following wisdom:
>> Then, to connect to the server, run something like the following on
>> your workstation:
>>     ssh -L4691:localhost:4691 <server>
>> This somewhat confusing command line says "Forward port 4691 (the
>> leading 4691:) on the local host (-L) to port 4691 on the remote
>> machine (localhost:4691)".  See 'man ssh' for more on -L (and its
>> closely-related cousin, -R).  If you used a server port other than
>> 4691 for 'mtn serve', replace the *final* 4691 in the above command
>> with the port the server is using.
> And allowing this does not require giving developers the ability to SSH  
> into the server through the terminal? How do you do this?

This requires SSH access to the server in exactly the same manner that
running a remote monotone process does.  You do not have to give the
user access to a general purpose shell; a binary which simply does
nothing forever, or sleeps for a period of time and then exits is
sufficient.  The latter is a decent solution if resources are a
concern, because the SSH tunnel will prop open the SSH connection
until it is finished, at which point the entire connection will close
if the "login shell" has exited.

In short, they have only to be able to authenticate, not *do* anything
on the remote side.  All developers can be given access to the same
"account" on the server, with ssh keys granting access only to a dummy
shell, or whatever normal precautions you would take.


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
                -- Cesare Beccaria, "On Crimes and Punishments", 1764
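
An added example, not part of the original message: a check that every key on the shared tunnel account is confined to the forward described above, using the standard OpenSSH `authorized_keys` options `restrict`, `port-forwarding`, `permitopen` and `command`. Port 4691 is the one from the thread; the function names, key material and user names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys of a shared, tunnel-only account.
# Port 4691 is from the thread; key material and user names are constructed.

sample_keys() {   # constructed authorized_keys content
cat <<'EOF'
# ok: deny-all, then only forwarding to the mtn port, forced do-nothing command
restrict,port-forwarding,permitopen="localhost:4691",command="/bin/sleep 3600" ssh-ed25519 AAAAC3constructedKEY1 dev1
# weak: no options, so the key gets whatever shell the account has
ssh-ed25519 AAAAC3constructedKEY2 dev2
# weak: forced command, but forwarding to any host:port and a PTY are allowed
command="/bin/sleep 3600" ssh-rsa AAAAB3constructedKEY3 dev3
# weak: tunnel is also allowed to a second destination
restrict,port-forwarding,permitopen="localhost:4691",permitopen="localhost:22",command="/bin/sleep 3600" ssh-ed25519 AAAAC3constructedKEY4 dev4
EOF
}

# Prints "line N:<reasons>" per weak key; returns non-zero if any were found.
audit_tunnel_keys() {
    file=$1; port=${2:-4691}; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Options field = everything before the key-type token (empty if none).
        opts=$(printf '%s\n' "$line" |
            sed -E 's/(^|[[:space:]])(ssh-|ecdsa-|sk-)[A-Za-z0-9@.-]+[[:space:]].*$//')
        # Remove the permitted tunnel targets; any permitopen left is out of policy.
        rest=$(printf '%s\n' "$opts" | sed -E "s/permitopen=\"(localhost|127\.0\.0\.1):$port\"//g")
        why=
        case ",$opts," in *,restrict,*) ;; *) why="$why no-restrict" ;; esac
        case $opts in *permitopen=*) ;; *) why="$why no-permitopen" ;; esac
        case $rest in *permitopen=*) why="$why permitopen-other-target" ;; esac
        case $opts in *'command="'*) ;; *) why="$why no-forced-command" ;; esac
        if [ -n "$why" ]; then
            bad=$((bad + 1))
            echo "line $n:$why"
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Demo on the constructed sample.
tmp=$(mktemp); sample_keys > "$tmp"
audit_tunnel_keys "$tmp" 4691 || echo "keys above are not confined to the tunnel"
rm -f "$tmp"
```

With a key line like the first one, a developer would typically connect with `ssh -N -L4691:localhost:4691 <server>`, since the forced command replaces whatever the client asks to run.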
