Excerpt from http://www.akeysoft.com
Today configured the CVS service provided by SSH:
After installing SSHD, create an account using CVS. However, the opening of these accounts makes the CVS user can log in to the CVS server via SSH. In order to limit CVS users, I can only use the CVS function with SSH, I use Google to find two ways.
Method 1: Turn off the SSH password authentication function, let SSH services must pass the key (certificate) authentication, and add the command option to the execution command after the COMMAND login before the authentication certificate file on the server. This method is not very good. After the user is connected to the server via SSH, it enters the CVS service command status without any tips.
Method 2: Create a script as the shell after the user's login, the content of the script is the command executed, if it is the CVS command, otherwise the message is displayed after the message is displayed. I chose this method to build the following script file (file name CVSONLY):
#! / bin / sh
IF ["$ *"! = "-c cvs server"]; the echo "cvs only!"; exit; fi; CVS Server
Script is stored under / usr / local / bin, plus execution permissions via CHMOD 755.
The shell that only allows users who are allowed to access CVS using SSH to the top script in / etc / passwd.
A similar manner can also be configured on Cygwin. (In fact, I am confirmed in the Cygwin environment, there is no experiment on Linux.)
In addition, in order to more securely add parameters -allow-root to the last line of CVS Server on the above script, the CVS is prevented from accessing the file system other than CVSROOT.
