Re: Bots United start a Sourceforge project?
I agree with botmeister. Since not everybody in the Council seems to have the same preference, someone opens a poll in the moderators forum, so that we can decide quickly.
|
Re: Bots United start a Sourceforge project?
Another option:
Sourceforge system is open source. Why don't we just run our own project management system? Nova |
Re: Bots United start a Sourceforge project?
Quote:
|
Re: Bots United start a Sourceforge project?
so it's up and running already?
cool 8) should we use ssh forwarding (perhaps with key authentication) instead of opening the port in the firewall? |
Re: Bots United start a Sourceforge project?
Quote:
|
Re: Bots United start a Sourceforge project?
You can use CVS directly with SSH, there is no need for port forwarding.
For Linux you set an environment variable which replaces the default rsh command with the ssh command. For Windows this depends on the client... |
Re: Bots United start a Sourceforge project?
i know, but that includes a valid shell login, i thought of ssh2 key with strict permissions to only forward a certain port :-)
cheers memed ---- there are paranoid admins and stupid admins *g* |
Re: Bots United start a Sourceforge project?
You can't do that without logging in to the host. I'll try to explain:
The ssh protocol is an end-to-end protocol, only the connections between two authenticated and authorized hosts are encrypted. You can use ssh tunnels between those two hosts once you're in. These tunnels encrypt the traffic between those hosts but not the traffic outside of these connections! And (at least with OpenSSH) you can't restrict which ports are allowed to be forwarded - you only can turn it on or off.
What you could do would be to use stunnel instead of ssh. (www.stunnel.org) Use it to encrypt the pserver protocol and block the direct access to the pserver port using iptables. The drawback of this is that the developers need iptables at their machines too - but that's not a big problem ;). |
Re: Bots United start a Sourceforge project?
*g* nice that you want to explain, but i think i know what i'm talking about ;)
Quote:
sounds not very different but in terms of security it's a key point. the portfw only user can not try local root exploits (e.g. do_brk ..) since he can not spawn a shell at all. stunnel is not as secure as ssh unless a real PKI is used, although it's probably the easier one to set up and security is very good already.
cheers memed
from man sshd:
[quote]
AUTHORIZED_KEYS FILE FORMAT
$HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. AuthorizedKeysFile may be used to specify an alternative file.
... ... ...
no-pty
    Prevents tty allocation (a request to allocate a pty will fail).
permitopen="host:port"
    Limit local ``ssh -L'' port forwarding such that it may only connect to the specified host and port. IPv6 addresses can be specified with an alternative syntax: host/port. Multiple permitopen options may be applied separated by commas. No pattern matching is performed on the specified hostnames, they must be literal domains or addresses.
[/quote] |
Re: Bots United start a Sourceforge project?
GREAT DANGER: not having a pty doesn't prevent users from executing programs!!!
Test for yourself:
ssh -v user@host /bin/bash
But I've at least missed the permitopen="host:port" option, never noticed that before 9_9. But for a person with some skills this is no real limitation, he/she would simply install/use another forwarder... |
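An added example, not part of any post in this thread: a small audit of authorized_keys entries for the forward-only setup discussed above, flagging keys that lack a forced command (the case where no-pty alone still lets a remote command run). The function names, finding codes and sample entries are constructed for illustration; command=, no-pty, permitopen=, no-port-forwarding and restrict are OpenSSH authorized_keys options.

```python
# Added example: audit authorized_keys entries intended as forward-only keys.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of the key-type field

def split_options(line):
    """Return {option: value} for the leading options field of one entry."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}                       # entry has no options field
    fields, buf, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 1   # escaped quote inside a quoted value
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            fields.append(buf)
            buf = ""
        elif c.isspace() and not quoted:
            break                       # options field ends at first bare space
        else:
            buf += c
        i += 1
    fields.append(buf)
    pairs = (f.partition("=") for f in fields)
    return {name.lower(): value for name, _, value in pairs}

def audit(line):
    """Return finding codes for one entry; an empty list means forward-only."""
    opts = split_options(line)
    restrict = "restrict" in opts
    fwd_off = "no-port-forwarding" in opts or (restrict and "port-forwarding" not in opts)
    checks = {
        "NO_FORCED_COMMAND": "command" not in opts,  # no-pty alone does not stop remote commands
        "UNRESTRICTED_FORWARD": "permitopen" not in opts and not fwd_off,
        "PTY_ALLOWED": "no-pty" not in opts and not restrict,
    }
    return [code for code, hit in checks.items() if hit]

# Constructed sample entries (key blobs are placeholders; 2401 is the CVS pserver port).
SAMPLES = [
    'ssh-ed25519 AAAAPLACEHOLDER dev1@example',
    'no-pty,permitopen="127.0.0.1:2401" ssh-ed25519 AAAAPLACEHOLDER dev2@example',
    'command="/bin/false",no-pty,permitopen="127.0.0.1:2401" ssh-ed25519 AAAAPLACEHOLDER dev3@example',
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry.split()[-1], audit(entry) or "forward-only")
```

A key restricted like the third sample is used from the client with `ssh -N -L`, so no session is requested and only the forward is opened.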