I'd like to have an SSH server running on an unprivileged port (say, 2222) such that I could have users be able to use the Bazaar DVCS; the idea would be that the whole set of repositories and the like would be owned by a single user (from the operating system’s point of view, that is) and then the SSH server that is running under the context of that single user account would be configured with users and passwords from some sort of a custom source.
The big things that would be required to make this work would be:
- The SSH server would be forced to run a custom shell program that would check the username and check the command line to ensure that the user is accessing a `bzr` repository/branch that the user has authorization to use.
- The SSH server would be able to ensure that some environment variable is set to indicate what username was successfully authenticated (otherwise none of this would work).
I would like to do it this way because it can be troublesome to keep permissions on repositories correct for a repository with shared access through the system’s SSH server; also, I would like to have the SSH server eventually be run as part of a more complete service (with a Web interface, etc.) such that the Web service would ultimately manage the users and workgroups associated with a series of Bazaar repositories (and even possibly branches). Since the overall service would run as a single user at the operating system level and use its own notion of user accounts (perhaps even things like using OpenID), it would be very useful to essentially integrate the SSH server into the service as a whole.
I strongly suggest you look at how gitosis and gitolite solve this (through the use of `authorized_keys` and its ability to configure a forced command, ideally accepting a username as part of the commandline rather than altering the environment).
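A sketch of the forced-command approach from the answer, added here as an example; it is not part of the original thread and is not code from gitosis, gitolite or Bazaar. The `ACL` table, the `WRAPPER` path and the function names are hypothetical, and the shape of the command a bzr+ssh client requests (`bzr serve --inet ...`) is an assumption.

```python
import os, re, shlex, sys

# Constructed sample ACL: user -> (directory bzr may serve, write access allowed)
ACL = {
    "alice": ("/srv/bzr/project-a", True),
    "bob": ("/srv/bzr/project-a", False),
}
WRAPPER = "/srv/bzr/bin/bzr-gate"  # hypothetical install path of this script
LOCKDOWN = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"

def authorized_keys_line(user, pubkey):
    """authorized_keys entry that pins this key to `WRAPPER <user>`."""
    # A strict name pattern keeps quotes and spaces out of command="..."
    if not re.fullmatch(r"[a-z][a-z0-9_-]{0,31}", user) or user not in ACL:
        raise ValueError("unknown or malformed username")
    if "\n" in pubkey or "\r" in pubkey:
        raise ValueError("public key must be a single line")
    return f'command="{WRAPPER} {user}",{LOCKDOWN} {pubkey}'

def build_command(user, original_command):
    """Return the argv to exec for this session, or None to refuse it."""
    entry = ACL.get(user)
    if entry is None:
        return None
    try:
        requested = shlex.split(original_command or "")
    except ValueError:  # unbalanced quotes
        return None
    # Assumption: a bzr+ssh client asks for "bzr serve --inet ...".
    # Anything else (including an interactive login) is refused.
    if requested[:3] != ["bzr", "serve", "--inet"]:
        return None
    root, may_write = entry
    # Rebuild the command from the ACL; client-supplied text is never reused.
    argv = ["bzr", "serve", "--inet", f"--directory={root}"]
    if may_write and "--allow-writes" in requested:
        argv.append("--allow-writes")
    return argv

if __name__ == "__main__":
    # sshd puts the client's requested command in SSH_ORIGINAL_COMMAND
    user = sys.argv[1] if len(sys.argv) > 1 else ""
    argv = build_command(user, os.environ.get("SSH_ORIGINAL_COMMAND"))
    if argv is None:
        sys.exit("access denied")
    os.execvp(argv[0], argv)
```

Because the username arrives as an argument fixed in `authorized_keys`, it is bound to the key that authenticated and the client cannot change it.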