On Thursday 23 Sep 2004 00:34, Paul wrote:
Hi Folks
After discussing a small problem about ssh and cvs with Brett last night, it was suggested I post the problem here...
I am attempting to set up a cvs server behind a firewall using ssh for security. The port forwarding works and has been tested from the outside, as does cvs access. At the moment, I have set up a usr account for each person requiring write access to the cvs repository.. However, I do not want to allow remote users to have shell access on the cvs server. Is there a simple way I can disable shell accounts for selected users and still have ssh & cvs working with some degree of security ?
Regards, Paul.
Yes!! If the user is only going to authenticate over SSH and not need shell access then it's possible by putting an invalid shell entry in /etc/passwd - I do this for my postgres account:-
postgres:x:502:502::/home/postgres:/bin/false
This way system authentication works but the user has no shell acess.
Matt