You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "S. Aguinaga" <sa...@yahoo.com> on 2009/01/12 21:39:48 UTC
howto gain full access to terminal via ssh and by pass "( success (
1 2 ( ANONYMOUS EXTERNAL ...."
I'd like to connect to my server with full access via "ssh user@server" but I get the following prompt:
( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline svndiff1 absent-entries ) ) )"
how do I bypass this?
I just want to fully access my server.
I do have an svn server running and I connect to it via:
"command" svn+ssh://user@server/repo
How do I bypass the prompt?
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1020252
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by Les Mikesell <le...@gmail.com>.
S. Aguinaga wrote:
> I see how silly I sounded :)
>
> So, if I want to setup things right .... I should have and svnuser
> account, which I use when
> ever I want to access my subversion repos, and then use my standard user
> account to connect
> via "ssh user@server" and be able to move around in my account space?
>
> & in the "authorized_keys" file (for the svnuser account) I should have
> the command calling svnserve, the root of repos, and
> --tunnel-user, plus all the other no Xforwarding, etc. does that sound?
Putting command=something with the key restricts the ssh access to the
matching command. If you don't want restrictions, don't put any there.
--
Les Mikesell
lesmikesell@gmail.com
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1022649
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by Stefan Sperling <st...@elego.de>.
On Tue, Jan 13, 2009 at 09:53:53AM -0800, S. Aguinaga wrote:
>
> I see how silly I sounded :)
:)
> So, if I want to setup things right .... I should have and svnuser
> account, which I use when
> ever I want to access my subversion repos, and then use my standard
> user account to connect
> via "ssh user@server" and be able to move around in my account space?
You can use your normal account to create and commit to the
repository without any special setup. svn+ssh:// is implemented
so that it magically invokes svnserve for you through an
ssh connection. No tweaks to your existing ssh setup are required.
You can also add a separate user account for committing,
but that is optional.
Note that if multiple users are using svn+ssh:// to access
a shared repository, the umask the svnserve process runs with
needs to be set to 002 to make sure the repository stays writable
by all committers (which should all be in a common group, for example,
'svn' or 'svncommitters' or something like that).
See http://svnbook.red-bean.com/en/1.5/svn.serverconfig.multimethod.html
> & in the "authorized_keys" file (for the svnuser account) I should
> have the command calling svnserve, the root of repos, and
> --tunnel-user, plus all the other no Xforwarding, etc. does that
> sound?
You only need to put the svnserve command into the authorized_keys
file if you want to restrict the key to be used _only_ for svnserve and
nothing else. This is useful to give commit access to people via
svn+ssh:// without also giving them ssh shell access on the server.
Otherwise, just don't add any special options in authorized_keys.
It should just work.
Stefan
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by "S. Aguinaga" <sa...@yahoo.com>.
I see how silly I sounded :)
So, if I want to setup things right .... I should have and svnuser account, which I use when
ever I want to access my subversion repos, and then use my standard user account to connect
via "ssh user@server" and be able to move around in my account space?
& in the "authorized_keys" file (for the svnuser account) I should have the command calling svnserve, the root of repos, and
--tunnel-user, plus all the other no Xforwarding, etc. does that sound?
Thanks again for your help!!
________________________________
From: Stefan Sperling <st...@elego.de>
To: S. Aguinaga <sa...@yahoo.com>
Cc: users@subversion.tigris.org
Sent: Tuesday, January 13, 2009 10:05:11 AM
Subject: Re: howto gain full access to terminal via ssh and by pass "( success ( 1 2 ( ANONYMOUS EXTERNAL ...."
On Mon, Jan 12, 2009 at 01:39:48PM -0800, S. Aguinaga wrote:
>
> I'd like to connect to my server with full access via "ssh
> user@server" but I get the following prompt:
> ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline svndiff1
> absent-entries ) ) )"
> how do I bypass this?
> I just want to fully access my server.
> I do have an svn server running and I connect to it via:
> "command" svn+ssh://user@server/repo
> How do I bypass the prompt?
Hi,
You are essentially asking: "How do I exploit svnserve to gain
access to a remote computer system?"
If you find an answer to this question, please let is know so
we can fix the problem.
Thanks,
Stefan
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1022554
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by Stefan Sperling <st...@elego.de>.
On Mon, Jan 12, 2009 at 01:39:48PM -0800, S. Aguinaga wrote:
>
> I'd like to connect to my server with full access via "ssh
> user@server" but I get the following prompt:
> ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline svndiff1
> absent-entries ) ) )"
> how do I bypass this?
> I just want to fully access my server.
> I do have an svn server running and I connect to it via:
> "command" svn+ssh://user@server/repo
> How do I bypass the prompt?
Hi,
You are essentially asking: "How do I exploit svnserve to gain
access to a remote computer system?"
If you find an answer to this question, please let is know so
we can fix the problem.
Thanks,
Stefan
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by "S. Aguinaga" <sa...@yahoo.com>.
In this case I am the Admin.
What I have done for now, is remove the start of "authorized_users":
command=/usr/local/aliasbin/svnserve -t -r /root/svn/repos" (I use a script that calls svnserve )
So, If I remove this first section before the rsa key, then I can login to the server with full access.
That's why I 'm wondering if I'm doing something wrong in this setup?
// Sal
________________________________
From: Erik Huelsmann <eh...@gmail.com>
To: S. Aguinaga <sa...@yahoo.com>
Cc: users@subversion.tigris.org
Sent: Tuesday, January 13, 2009 9:50:16 AM
Subject: Re: howto gain full access to terminal via ssh and by pass "( success ( 1 2 ( ANONYMOUS EXTERNAL ...."
On Mon, Jan 12, 2009 at 10:39 PM, S. Aguinaga <sa...@yahoo.com> wrote:
> I'd like to connect to my server with full access via "ssh user@server" but
> I get the following prompt:
> ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline svndiff1
> absent-entries ) ) )"
> how do I bypass this?
> I just want to fully access my server.
> I do have an svn server running and I connect to it via:
> "command" svn+ssh://user@server/repo
> How do I bypass the prompt?
Your system admin didn't give you that option.
Bye,
Erik
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1022542
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: howto gain full access to terminal via ssh and by pass "(
success ( 1 2 ( ANONYMOUS EXTERNAL ...."
Posted by Erik Huelsmann <eh...@gmail.com>.
On Mon, Jan 12, 2009 at 10:39 PM, S. Aguinaga <sa...@yahoo.com> wrote:
> I'd like to connect to my server with full access via "ssh user@server" but
> I get the following prompt:
> ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline svndiff1
> absent-entries ) ) )"
> how do I bypass this?
> I just want to fully access my server.
> I do have an svn server running and I connect to it via:
> "command" svn+ssh://user@server/repo
> How do I bypass the prompt?
Your system admin didn't give you that option.
Bye,
Erik