1

I have a windows server with a project configured with a revision control system. Suppose it's GIT or SVN or .... Suppose there are 10 people around the globe working on this project.

The first thing that comes in to mind is to secure the connection between these programmer and the server with SSH. but my problem is that the a hacker can destroy the server if he gets the SSH username and password user account (tell me if i'm wrong).

So I need a secure way to let thoes programmers push their revision to the server. Any ideas would be lovely

user24912
  • 237
  • 1
  • 4
  • 9

2 Answers2

2

First, an SSH account can be secured (with public key only authentication, for example).

With Mercurial setup correctly, you can only push new revisions, not destroy anything. But if an attacker gets write access to the repository, you'll have other problems anyway. You could use protected HTTP access too, if you don't want to give them a new account.

Martin Geisler
  • 1,271
  • 9
  • 23
tonfa
  • 301
  • 1
  • 3
1

Currently I use a distributed revision control system called 'darcs'. I've tried both approaches outlined below using that tool and linux servers. I've also used approach 1 with Subversion and with CVS.

Your mileage may vary on different server and/or the revision control systems. But the basic approaches may be feasible one way or another on whatever configurations you have selected.

1- Using a single user account without divulging its password to anyone, you authenticate connections to that account via SSH using public keys. You confine the privileges of that single user account to only have access to the repository. Contributors to your repository must generate a private/public key pair and ship you the public key so that you can add it to the authorized keys. If you remove it, he loses access.

2- Require your patch contributors to sign and email patches. You maintain a public keyring which holds the keys of authorized contributors. all patch signatures are verified against that keyring before they are applied. So only patches signed by authorized contributors are applied.