Google Groups

Re: [gitorious] Proper protocol

Benjamin Podszun Jun 27, 2011 6:25 AM
Posted in group: Gitorious

On Mon, Jun 27, 2011 at 4:18 PM, Rodrigo Rosenfeld Rosas
<> wrote:
> Em 27-06-2011 08:33, Benjamin Podszun escreveu:
>> Hi there
>> On Mon, Jun 27, 2011 at 11:17 AM, Marius Mårnes Mathiesen
>> <>  wrote:
>>> On Sun, Jun 26, 2011 at 10:16 AM, martin<>  wrote:
>>>> I don't understand why you are concerned about the dedicated git user
>>>> account... just lock it down properly. You have exactly the same
>>>> situation on every ssh server on the planet.
>>> As I mentioned above, I suspect most users running their own Gitorious
>>> servers have sshd running as the root user, since otherwise they'd need a
>>> separate IP address/port in order to do maintenance on their servers. I
>>> don't think it's reasonable to assume people looking for a way to
>>> collaborate on code have experience in locking down a SSH daemon on their
>>> server.
>> Since this came up several times now: Can you explain that part? I
>> wonder if you'd consider my environment at risk...

> What Marius is trying to say is that *if you're exposing your Gitorious
> installation to the web* you *must* make sure you protect it adequately.

> If you need to expose Gitorious, than it makes sense to disable SSH and go
> with HTTPS if you don't want to expose SSH to the Internet. Otherwise, you
> should probably disable password authentication for all users. It would also
> be a great idea to disallow SSH login with the root account and create
> another one for logging in instead. Not that SSH is unreliable, but these
> are best practices if your security concerns are high.

Could be. I'm not sure. We're probably all non-native english
speakers. I read 'have sshd running as the root user' as 'running the
process sshd with effective uid 0', which is the default, with some
twists (see the privilege separation thing). I don't know any problems
with this and would love to hear any issues that had
with this in the past. Maybe I adapt my own setup afterwards.

If it the point was purely about securing the box/service itself,
disallowing root logins etc, as you understood it, then my point is
moot and everything's good/I agree totally.