Return-Path: Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: (qmail 29051 invoked from network); 5 Jan 2011 02:43:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 5 Jan 2011 02:43:51 -0000 Received: (qmail 79879 invoked by uid 500); 5 Jan 2011 02:43:51 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 79779 invoked by uid 500); 5 Jan 2011 02:43:51 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 79772 invoked by uid 99); 5 Jan 2011 02:43:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Jan 2011 02:43:51 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nkadel@gmail.com designates 209.85.216.43 as permitted sender) Received: from [209.85.216.43] (HELO mail-qw0-f43.google.com) (209.85.216.43) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Jan 2011 02:43:44 +0000 Received: by qwk3 with SMTP id 3so14483974qwk.16 for ; Tue, 04 Jan 2011 18:43:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=OoIxFHRhbT0Jv7afPYysrkQndWKEMHtEAculf2vl7JU=; b=oKxZovBNf9lqOU/U8IQwonVxam8k+eDElnX+f6lL2aAFI+DqdvcxfZz7i2GE53V55f 68xnQDkh0qhRkE3rlawVIfigX0Jiy37njWQXnpL6PguMkJHJ6JwfOhJH/Jc3fJnPzPBp Y8+Y+90jBrDw5C5RKY3YayJ6URdTxa67JNxjI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=KabqdpZd/y1aBXscfir/Ezkr72XRGg6+3Yy7X0z9sXcHVny9o5ERN8wVL/d3q72j9f KwPRp/H13mWbc9br+6NXlU6yKEHycptrXJGMoPNBZPg/56FGcJYwJgj8YEEHt2G4ZgCb z61iIwFMpdX3j/YHOieBw6g09jpHG/smze8vA= MIME-Version: 1.0 Received: by 10.224.37.74 with SMTP id w10mr21234279qad.163.1294195403919; Tue, 04 Jan 2011 18:43:23 -0800 (PST) Received: by 10.220.110.209 with HTTP; Tue, 4 Jan 2011 18:43:23 -0800 (PST) In-Reply-To: <4D21FD6D.2060505@gmail.com> References: <4D21FD6D.2060505@gmail.com> Date: Tue, 4 Jan 2011 21:43:23 -0500 Message-ID: Subject: Re: Fine and secure dining, was Re: svnadmin create and not being method agnostic From: Nico Kadel-Garcia To: Les Mikesell Cc: users@subversion.apache.org Content-Type: text/plain; charset=ISO-8859-1 On Mon, Jan 3, 2011 at 11:46 AM, Les Mikesell wrote: > On 1/2/2011 9:43 PM, Nico Kadel-Garcia wrote: >> >> It's possible to do secure Subversion. Use svn+ssh access, disable or >> block other services at the firewall, > > If ssh is permitted and you didn't personally set it up, what are the odds > that port tunneling or ssh's built in socks proxy will allow access to every > service behind the firewall? It's not ideal: a dedicated shell (such as gitshell) would be preferable, but there are intelligent tools such as gitosis for enabling and configuring just such a service. It need only be open for the single "svn" dedicated user that holds the SSH keys, and the authorized_keys can be set to restrict commands usable by that SSH key access to a single command. This is why Kerberized access to such an svnserve service account is not workable: it's permitted operations cannot be so limited as the SSH key technology. It would still be somewhat better than the current setup if that user used "rssh", but I've not personally succeeded in integrating Subversion support into that toolkit.