(Controlling the invoked command): Fix example to not use line
continuation, since SSH authorized_keys files don't support that.
Found by: Micah Anderson <micah{_AT_}riseup.net>
(See his mail below for details.)
From: Micah Anderson <micah{_AT_}riseup.net>
Subject: (forw) Error in SSH configuration tricks example
To: kfogel{_AT_}questioncopyright.org
Date: Sat, 2 Feb 2008 15:15:23 -0500
Hey karl,
I just found that my machine didn't actually send out this email because
my network connection was down. So instead of sending it to the
svnbook-dev address, I am just sending it to you, but if you feel like I
should also send it there, I'm happy to as well.
I looked in the nightly build, its not fixed there.
micah
From: Micah Anderson <micah{_AT_}riseup.net>
Subject: Error in example
To: svnbook-dev{_AT_}red-bean.com
Date: Sat, 2 Feb 2008 13:15:48 -0500
Hi,
I just found an error in the svn book, in this section:
http://svnbook.red-bean.com/en/1.4/svn-book.html#svn.serverconfig.svnserve.sshtricks
The example which details setting up an authorized_keys file with this
to restrict the user to the specific named command, is wrong. This is
the example presented in the book:
command="svnserve -t --tunnel-user=harry",no-port-forwarding,\
no-agent-forwarding,no-X11-forwarding,no-pty \
TYPE1 KEY1 harry@...
The line-continuation actually cannot be used in this file, if you do
use it, the command restriction isn't parsed *at all*. If you setup
something like the above and test it, you will find you can check out a
repostiroy fine, but you will also have ssh shell access to the server,
which you should *not* have if the command part of the key were working.
In order for this to work properly, all of this stuff has to be on one
line, with no continuation characters, as follows:
command="svnserve -t --tunnel-user=harry",no-port-forwarding, no-agent-forwarding,no-X11-forwarding,no-pty TYPE1 KEY1 harry@...
This is using openssh on debian stable, version 1:4.3p2-9.
Micah
