[Dev] gitosis broken + server access + security practices

Nicolás Reynolds fauno at kiwwwi.com.ar
Wed Feb 15 18:31:05 GMT 2012


On Wed, 15 Feb 2012 19:22:06 +0100, gnu.tek at gmx.com (Aurélien) wrote:
> > Smv says gitosis not only does this but also *only* allows the git user
> > (git at parabolagnulinux.org) access to the git repos. If we
> > were going to manage push privileges using regular ssh
> > methods (ssh-copy-id, authorized_keys, etc.), people could not only push
> > to the repos but have shell login if available or access to the full git
> > user's home, including .ssh/authorized_keys.
> 
> Should it be possible that the script which verifies authority asks
> another "securely closed" server rather than the normal
> .ssh/authorized_keys?

If everyone had a gpg key also we could use monkeysphere for auth.
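
The difference discussed in the quoted text, between a plain authorized_keys entry and one locked to a forced command, can be checked mechanically. The following is an added example, not part of the original message and not gitosis code; the sample entries are constructed (modelled on the forced-command lines gitosis generates), the key material is placeholder text, and the function names are hypothetical.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # a line starting like this has no options
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

def split_options(line):
    """Return (options, rest); options end at the first unquoted whitespace."""
    if line.startswith(KEY_TYPES):
        return "", line
    in_quote, i = False, 0
    while i < len(line):
        if in_quote and line[i:i + 2] == '\\"':  # escaped quote inside a value
            i += 2
            continue
        if line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""

def parse_options(opts):
    """Map lower-cased option name -> quoted value, or True for bare flags."""
    pat = r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)'
    return {m.group(1).lower(): (m.group(2) if m.group(2) is not None else True)
            for m in re.finditer(pat, opts)}

def audit(text):
    """Return [(line_no, key_comment, problems)] for entries that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts_s, rest = split_options(line)
        opts, fields = parse_options(opts_s), rest.split()
        problems = [] if "command" in opts else ["no forced command (shell access if available)"]
        if "restrict" not in opts:  # 'restrict' turns every restriction on at once
            problems += ["missing " + o for o in sorted(LOCKDOWN - opts.keys())]
        if problems:
            findings.append((n, fields[2] if len(fields) > 2 else "?", problems))
    return findings

SAMPLE = '''# constructed sample; key material is placeholder text
ssh-ed25519 AAAAC3placeholder1 alice@laptop
command="gitosis-serve bob",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3placeholder2 bob@desk
command="gitosis-serve carol",no-pty ssh-rsa AAAAB3placeholder3 carol@home
restrict,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" ssh-ed25519 AAAAC3placeholder4 dave@box
'''

if __name__ == "__main__":
    for n, who, problems in audit(SAMPLE):
        print(f"line {n} ({who}): " + "; ".join(problems))
```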