0

I would like to allow some users to read/write Bazaar repositories on a server using ssh.

I read about using bzr_ssh_path_limiter (with restricted ssh keys) which is a nice tool and seems to do the work. I've also seen that it is possible to use sftp for bazaar.

  • Is bazaar ("bzr serve") secure enough that the client cannot execute any shell commands?
  • Should I use sftp? Can I restrict access to a folder? and disallow shell commands?
masegaloeh
  • 18,236
  • 10
  • 57
  • 106
Weboide
  • 3,345
  • 1
  • 25
  • 33

1 Answers1

0

Well, while I am inclined to trust the combination of bzr serve and ssh, there is still a lot less "moving parts" in an OpenSSH SFTP chroot. Hence, a lot less thing which could go wrong, or which could be exploited.

The potential problem with running bazaar against SFTP is that is relatively slow. Whatever that is a problem or not depends on what kind of repositories you will be sharing. Yet, if you are worried about security, then I think you should at least try the SFTP-chroot solution, to see whatever it is feasible or not.

andol
  • 6,938
  • 29
  • 43