20
20
``bzr_ssh_path_limiter``, a script that runs the Bazaar smart server on the
21
21
server machine at a specified path, and allows no other access.
27
command="/path/to/bzr_ssh_path_limiter <path>" ssh-<type> <key>
29
in each user's ``~/.ssh/authorized_keys`` file, where `<type>` is the type of
30
enryption key, `<key>` is the public key and `<path>` is the path to limit
31
access to (and its subdirectories). This will only permit Bazaar access to
32
the specified path and no other SSH access for that user.
23
To set it up, specify::
25
command="/path/to/bzr_ssh_path_limiter <path>" <typical key line>
27
in each user's ``~/.ssh/authorized_keys`` file on the server, where `<path>` is
28
the path to limit access to (and its subdirectories). For more documentation
29
on the syntax of the ``authorized_keys`` file see the documentation of the SSH
30
server. This will only permit Bazaar access to the specified path and no other
31
SSH access for that user.
34
33
If it isn't desired to give each user an account on the server, multiple
35
34
private/public key pairs can be included under one single SSH account (say
36
35
sshuser) in the ``~sshuser/.ssh/authorized_keys`` file and then each developer
37
36
can be given their own private key. They can then use
38
``bzr+ssh://sshuser@server.example.com/`` URLs to access the server. It is
39
even possible to use a single private/public key pair for the SSH user where
40
all of the developers use the same private key, but this means that revoking
41
one developer's access requires regenerating and redistributing keys to all of
42
the other developers. For this reason, we don't recommend using a single key
43
pair for all of the developers.
37
``bzr+ssh://sshuser@server.example.com/`` URLs to access the server.
45
39
Using HTTP authentication methods
46
40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
added
removed
doc/en/admin-guide/security.txt
