
Presently my server is on an internal network and only used by me; however, I wish to create a new Subversion repository and allow external people to access it. They should be restricted to svn access and not allowed to do anything else. They will access it by the svn+ssh protocol.

The steps I believe I should take are below, but what other steps should I take?

  1. Add new users
  2. Create a public/private key for each user
  3. Add users to a group 'ext_svn' or similar
  4. Create repository and set r/w permissions for 'ext_svn' members
  5. Install SSH, redirect my router port to my server, disable root login and disable password login

Presumably they will still be able to SSH in and then download files from the internet, open ports, install backdoors, read server config files ... etc.

Note that I'm focusing here on authorised users; I've already read this question about preventing unauthorised access.

Craig
  • The 5 steps look about right to me. I don't know anything about svn. Note, the public/private key pairs are to be created in each of the other computers used by the other users. They will share their public keys with your ssh server, and keep their private key private in their computers. – user68186 Apr 05 '17 at 17:14
  • Grok it - https://tortoisesvn.net/ssh_howto_logemann.html – Lazy Badger Apr 05 '17 at 17:28
  • @lazy Thanks for the link, I'm aware of that guide and should have added the link to my question. It explains fully the steps involved to set up a server and access it over svn+ssh but doesn't go into server security details whatsoever, which is out of scope of that guide. It's these security aspects that my question is about. – Craig Apr 05 '17 at 19:38
  • Thanks @user68186 I rarely have to create key pairs, but when I do I always get it the wrong way round! – Craig Apr 06 '17 at 07:51
  • @user68186 - NO, you are wrong (and more badly - totally). KeyPair is attribute of user, not host, can be created on any location and must be just properly delivered to end-users – Lazy Badger Apr 06 '17 at 14:19
  • https://svn.apache.org/repos/asf/subversion/trunk/notes/ssh-tricks in short http://zeroset.mnim.org/2012/08/14/svn-over-ssh-with-multiple-svn-users-and-a-single-unix-account-without-shell-access/ in long form have to close all security-related issues – Lazy Badger Apr 06 '17 at 14:37
  • @LazyBadger where did I state that the "KeyPair" is attribute of "host"? – user68186 Apr 06 '17 at 21:30
  • @user68186 is it your text: "...the public/private key pairs are to be created in each of the other computers used by the other users"?! – Lazy Badger Apr 07 '17 at 06:14
  • @LazyBadger I am wondering if you know how to spell host. – user68186 Apr 07 '17 at 12:38
  • Have one locked system account with a greatly restricted shell for any number of SVN users and you'll get the absolute minimum of headache from these users – Lazy Badger Apr 06 '17 at 14:39
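
One way to realise the single-account setup suggested in the last comment, using OpenSSH forced commands (an added example, not part of the original thread or the linked guides). The account name `svn`, the repository root `/srv/svn`, the user name `alice` and the key string are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: authorized_keys entries for one shared account (assumed
# name "svn") so that each key can only run svnserve in tunnel mode.
SVN_ROOT="/srv/svn"   # assumed repository root, not from the page
NL='
'

# svn_key_line USER PUBKEY -> prints one authorized_keys line, or fails
svn_key_line() {
    user=$1
    pubkey=$2
    # The name lands inside command="..."; allow only safe characters.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1 ;;
    esac
    # Accept a bare single-line "type base64 [comment]" key only, so a
    # submitted key cannot carry its own options or a second entry.
    case $pubkey in
        *"$NL"*) echo "multi-line key" >&2; return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public key" >&2; return 1 ;;
    esac
    # "restrict" (OpenSSH 7.2+) turns off pty, port, agent and X11
    # forwarding; on older servers list the no-* options instead.
    printf 'command="svnserve -t --tunnel-user=%s -r %s",restrict %s\n' \
        "$user" "$SVN_ROOT" "$pubkey"
}

# unrestricted_keys FILE -> prints entries that lack the forced command
unrestricted_keys() {
    awk '/^[ \t]*(#|$)/ { next }
         !/^command="svnserve -t --tunnel-user=[A-Za-z0-9._-]+ -r [^"]+",restrict / { print }' "$1"
}

# Demo with a constructed placeholder key (not a real key).
svn_key_line alice 'ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER alice@example'
```

Each generated line goes into the shared account's `~/.ssh/authorized_keys`; running `unrestricted_keys` over that file lists any entry that would still grant an ordinary login.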

0 Answers