Originally created by: kubalik....@gmail.com
Firstly, I have to say thanks for the really good and helpful documentation that this book is.
Anyway, here is a suggestion for chapter 6, section SSH Configuration Tricks. During the first reading of this chapter it was difficult to understand where to put the authorized keys with the command and what username the client is supposed to use.
It could be mentioned that it is the "svnuser/.ssh/authorized_keys" file where all the users' (harry's and sally's) public keys with commands are put. Therefore each user uses the svnuser username in the svn+ssh URL, i.e. svn co svn+ssh://svnuser@server/repository (an example may be added as well).
From the paragraph "A final word of caution" I had the feeling that if you add the command="" field to the authorized_keys file, the same user is still able to connect through ssh to the shell. The paragraph actually speaks about harry's and sally's logins, not svnuser's. The svnuser is actually connected to the stdin/stdout of the svnserve command when he does "ssh svnuser@server". That could also be mentioned.
A good trick is also setting the umask before svnserve is run if you do not want any user to have permission to access the repository filesystem structure. I don't know of any other way to set the default svnuser umask, as the .profile is not read when the ssh session is started with this command:
command="umask 027; svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry@example.com
Regards
Jakub
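An added example, not part of the original report or of the book: a small Python audit of the shared account's authorized_keys file for the points raised above (every key forced into svnserve with --tunnel-user, umask set first). The sample lines and key data are constructed, and the check for the standard OpenSSH no-* options is an assumption that the report itself does not mention.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # prefixes of OpenSSH public key types
# Standard OpenSSH restrictions; not named in the report, checked as an assumption.
RESTRICT = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')

def parse_options(line):
    """Return the options of one authorized_keys line as a dict (empty if none)."""
    if line.startswith(KEY_TYPES):
        return {}
    end, quoted = 0, False
    while end < len(line) and (quoted or line[end] not in " \t"):
        if line[end] == "\\" and quoted:
            end += 1                      # skip the escaped character
        elif line[end] == '"':
            quoted = not quoted
        end += 1
    return {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:end])}

def audit(text):
    """Return (line_no, problem) pairs for a shared svn account's authorized_keys."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        cmd = opts.get("command")
        if cmd is None:
            problems.append((no, "no forced command: key gets a shell as the shared account"))
            continue
        if not re.search(r"svnserve\s+-t\b.*--tunnel-user=[\w.-]+", cmd):
            problems.append((no, "forced command is not svnserve -t with --tunnel-user"))
        if not re.match(r"\s*umask\s+[0-7]{3,4}\s*;", cmd):
            problems.append((no, "no umask set before svnserve"))
        missing = [o for o in RESTRICT if o not in opts]
        if missing:
            problems.append((no, "missing options: " + ",".join(missing)))
    return problems

# Constructed sample for ~svnuser/.ssh/authorized_keys; key data is placeholder text.
SAMPLE = """\
command="umask 027; svnserve -t --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAAEXAMPLEKEY1 harry@example.com
command="svnserve -t --tunnel-user=sally" ssh-ed25519 AAAAEXAMPLEKEY2 sally@example.com
ssh-ed25519 AAAAEXAMPLEKEY3 admin@example.com
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```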