Issue 923 wish: document how to use darcs securely via ssh

Title wish: document how to use darcs securely via ssh
Priority wishlist Status given-up
Milestone Resolved in
Superseder Nosy List cupe-darcs, darcs-devel, dmitry.kurochkin, jaredj, kowey, thorkilnaur, tommy, twb
Assigned To
Topics Documentation, ProbablyEasy

Created on 2008-06-13.15:17:55 by cupe-darcs, last changed 2017-07-30.23:45:38 by gh.

msg5041 (view) Author: cupe-darcs Date: 2008-06-13.15:17:52
hello darcs developers

I wanted to setup a darcs repo on a server where security is much
emphasized and i did not want to use pushing via email for various
Currently, as described in http://wiki.darcs.net/DarcsWiki/RepoViaSSH,
darcs seems to use several commands over ssh: darcs, scp, cd and
sftp-server are "whitelisted" by a perl script. As this script will be
bypassed easily, it is currently not possible to use darcs securely via ssh.

If darcs used only one command (i.e. "darcs"), ssh could be configured
to just allow this one command. This or any other method of offering
darcs rw access without giving out machine accounts would be much

This is useful in a setting where several developers are to be granted
pushing privileges on a repository, but are not trusted enough to be
given full ssh access and using email is not desired.



context in #darcs:

18:01 < twb> You can also limit an ssh keys to a single command in
18:01 < Heffalump> twb: that "obscure perl script" seems to be designed
to do that, I'm not sure why "raw darcs" isn't suitable for that but it
may well not be
18:01 < cupe> Heffalump: i think it's because darcs uses more than one
18:02 < cupe> darcs, scp, cd, sftp-server
18:02 < Heffalump> oh, right
18:02 < twb> It does?  That sucks.
18:02 < cupe> if that wasn't the case, i would not have any problems :)
18:02 < cupe> yep
18:03 < twb> IIUC rsync just boots a remote rsync process with a "be a
listener" switch
18:03 < twb> Also, cd is not a command
18:03 < twb> darcs should use darcs --repodir rather than cd'ing
18:04 < twb> Thereby avoiding the need for a shell process.
18:05 < cupe> yep, that would be nice
18:05 < cupe> although there is still scp involved
18:06 < twb> Theoretically there's no reason darcs --server --repodir
couldn't exec scp based on commands it receives from stdin
18:07 < twb> I suggest you file a wishlist bug
18:10 < cupe> i'll do that
msg5044 (view) Author: droundy Date: 2008-06-13.16:30:53
This is really a documentation request.  As long as darcs2 is installed on both
sides, darcs only executes two commands via ssh, and I see no reason to reduce
that to one.

msg7065 (view) Author: thorkilnaur Date: 2009-01-12.12:34:06
I am confused by the difference between the number of commands (or otherwise) 
mentioned in the original report (darcs, scp, cd, sftp-server are mentioned, 
possibly inspired by the description in http://wiki.darcs.net/DarcsWiki/RepoViaSSH) and the 2 commands mentioned by 
droundy. So could a volunteer please look into this to ensure that the issue is 
fully understood? Following that, we need a decision on what to do about it.

Thanks and best regards
msg7067 (view) Author: kowey Date: 2009-01-12.13:39:57
If you have darcs 2 on both ends, darcs *only* invokes the darcs command (over
ssh), and does at most twice: once for darcs transfer-mode, and once for darcs
apply (darcs push only)

So the volunteer should just document this fact
msg8161 (view) Author: kowey Date: 2009-08-15.12:59:48
See also issue1515
msg10492 (view) Author: kowey Date: 2010-03-24.17:53:53
I commented out the whitelisting of sftp-server and scp on

While I was at it, I added a disclaimer pointing out that this is not
officially endorsed by the Darcs Team (since I have no idea if that
actually was secure or not; I dimly recall some complaints about that page?)

So we still need a volunteer to verify and comment on the page in general.
Date User Action Args
2008-06-13 15:17:55cupe-darcscreate
2008-06-13 16:30:56droundysetpriority: wishlist
nosy: + droundy
status: unread -> unknown
messages: + msg5044
title: wishlist bug: enable using darcs securely via ssh -> wishlist bug: document how to use darcs securely via ssh
2008-06-13 16:31:11droundysetnosy: - droundy
2008-06-13 16:55:24koweylinkissue922 superseder
2008-06-13 16:56:00koweysettopic: + ProbablyEasy
nosy: + kowey, jaredj
2009-01-12 12:34:09thorkilnaursetstatus: unknown -> needs-reproduction
nosy: + dmitry.kurochkin, simon, thorkilnaur
messages: + msg7065
2009-01-12 13:40:00koweysetnosy: tommy, beschmi, kowey, dagit, simon, thorkilnaur, jaredj, dmitry.kurochkin, cupe-darcs
messages: + msg7067
2009-08-06 21:08:06adminsetnosy: - beschmi
2009-08-11 00:17:14adminsetnosy: - dagit
2009-08-15 12:59:54koweysettopic: + Documentation
nosy: + twb
messages: + msg8161
title: wishlist bug: document how to use darcs securely via ssh -> wish: document how to use darcs securely via ssh
2009-08-25 17:39:06adminsetnosy: + darcs-devel, - simon
2009-08-27 14:24:40adminsetnosy: tommy, kowey, darcs-devel, twb, thorkilnaur, jaredj, dmitry.kurochkin, cupe-darcs
2010-03-24 17:53:59koweysetmessages: + msg10492
2017-07-30 23:45:38ghsetstatus: needs-reproduction -> given-up