README

author: Andrew Cady <d@cryptonomic.net> 2021-10-23 12:13:00 -0400
committer: Andrew Cady <d@cryptonomic.net> 2021-10-23 12:21:24 -0400
commit: 2696429ad843fa2d74f5607245140c9d1e13159b (patch)
tree: cbd3b10f2178e9c152648b3ae0944b582284d6e0
parent: c1f1b3f92b8e7da270ae2ff9acb690d09526e255 (diff)
3 files changed, 99 insertions, 108 deletions
diff --git a/Makefile b/Makefile
index 7e1a74c..b203340 100644
--- a/Makefile
+++ b/Makefile
@@ -25,4 +25,7 @@ install:
        $(ROOT_INSTALL)        -t "$(SSH_LIB_DIR)" AuthorizedKeysCommand || true
        [ -e "$(SSH_LIB_DIR)"/AuthorizedKeysCommand ] || $(SUDO) ln -s -t /etc/ssh "$(SSH_LIB_DIR)"/AuthorizedKeysCommand
+README.html: README.md
+        pandoc -t html $< > $@
 include tests.makefile
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d4b8127
--- /dev/null
+++ b/README.md
@@ -0,0 +1,96 @@
+AnonymousSSH
+------------
+WHAT IT DOES
+------------
+This repository contains the code to share itself (the repository)
+through Git-over-SSH.
+It also contains the code to listen for changes sent to itself through
+Git-over-SSH.
+HOW IT WORKS
+------------
+Git contains a program `git-receive-pack` which implements a git
+protocol server. The `git-receive-pack` expects to be launched as an SSH
+server "ForcedCommand" in a configuration that protects the server from
+untrustworthy users.
+Normally, the SSH server only permits users who have already uploaded
+their public keys to the server. It assumes that access should be closed
+to new users.
+Installing this code reverses that assumption, granting open access to
+unrecognized users. This is made safe by limiting write access to a
+GIT_NAMESPACE over which the user proves global mathematical ownership
+with their SSH client key.
+HOW TO INSTALL
+--------------
+Run:
+```
+  make
+```
+This installs the `AnonymousAccessCommand` in the current user's home
+directory.
+Then, if sudo access is available, it enables anonymous access by
+editing the system `OpenSSH` configuration.
+NON-ROOT INSTALLATION
+---------------------
+If sudo access is not available, you can install to a different
+location:
+```
+  make SSH_CONFIG_DIR=.config/ssh \
+       SSHD_CONFIG_DIR=.config/ssh/config.d \
+       SSH_LIB_DIR=.local/lib/ssh
+```
+Then you will need to run `OpenSSH` on a non-default port (the default
+port requires root access).
+ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
+------------------------------------------------
+It is also possible to choose the location of the
+`AnonymousAccessCommand` itself:
+```
+  make USER_SSH_CONFIG_DIR=$HOME/.config/ssh
+```
+First you would have to make the contents of the installed file
+`AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by
+editing `Makefile`.
diff --git a/README.txt b/README.txt
deleted file mode 100644
index e65cdbe..0000000
--- a/README.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-WHAT IT DOES
------------
-This repository contains the code to share itself through Git-over-SSH.
-It also contains the code to listen for changes sent to itself through
-Git-over-SSH.
-.
-.
-.
-.
-.
-.
-HOW IT WORKS
------------
-Git contains a program `git-receive-pack` which implements a git protocol
-server. The `git-receive-pack` expects to be launched as an SSH server
-"ForcedCommand" in a configuration that protects the server from untrustworthy
-users.
-.
-.
-.
-.
-.
-.
-HOW TO INSTALL
--------------
-Run:
-    make
-This installs the `AnonymousAccessCommand` in the current user's home directory.
-Then, if sudo access is available, it enables anonymous access by editing the
-system `OpenSSH` configuration.
-.
-.
-.
-.
-.
-.
-NON-ROOT INSTALLATION
---------------------
-If sudo access is not available, you can install to a different location:
-```
-  make SSH_CONFIG_DIR=.config/ssh \
-       SSHD_CONFIG_DIR=.config/ssh/config.d \
-       SSH_LIB_DIR=.local/lib/ssh
-```
-Then you will need to run `OpenSSH` on a non-default port (the default port
-requires root access).
-.
-.
-.
-.
-.
-.
-ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
------------------------------------------------
-It is also possible to choose the location of the `AnonymousAccessCommand` itself:
-```
-  make USER_SSH_CONFIG_DIR=/.config/ssh
-```
-First you will have to make `AuthorizedKeysCommand` vary according to that
-paremeter.
author	Andrew Cady <d@cryptonomic.net>	2021-10-23 12:13:00 -0400
committer	Andrew Cady <d@cryptonomic.net>	2021-10-23 12:21:24 -0400
commit	2696429ad843fa2d74f5607245140c9d1e13159b (patch)
tree	cbd3b10f2178e9c152648b3ae0944b582284d6e0
parent	c1f1b3f92b8e7da270ae2ff9acb690d09526e255 (diff)

diff --git a/Makefile b/Makefile index 7e1a74c..b203340 100644 --- a/Makefile +++ b/Makefile
@@ -25,4 +25,7 @@ install:
25	$(ROOT_INSTALL) -t "$(SSH_LIB_DIR)" AuthorizedKeysCommand \|\| true	25	$(ROOT_INSTALL) -t "$(SSH_LIB_DIR)" AuthorizedKeysCommand \|\| true
26	[ -e "$(SSH_LIB_DIR)"/AuthorizedKeysCommand ] \|\| $(SUDO) ln -s -t /etc/ssh "$(SSH_LIB_DIR)"/AuthorizedKeysCommand	26	[ -e "$(SSH_LIB_DIR)"/AuthorizedKeysCommand ] \|\| $(SUDO) ln -s -t /etc/ssh "$(SSH_LIB_DIR)"/AuthorizedKeysCommand
27		27
		28	README.html: README.md
		29	pandoc -t html $< > $@
		30
28	include tests.makefile	31	include tests.makefile


diff --git a/README.md b/README.md new file mode 100644 index 0000000..d4b8127 --- /dev/null +++ b/README.md
@@ -0,0 +1,96 @@
		1	AnonymousSSH
		2	------------
		3
		4
		5
		6
		7
		8
		9	WHAT IT DOES
		10	------------
		11
		12	This repository contains the code to share itself (the repository)
		13	through Git-over-SSH.
		14
		15	It also contains the code to listen for changes sent to itself through
		16	Git-over-SSH.
		17
		18
		19
		20
		21
		22
		23	HOW IT WORKS
		24	------------
		25
		26	Git contains a program `git-receive-pack` which implements a git
		27	protocol server. The `git-receive-pack` expects to be launched as an SSH
		28	server "ForcedCommand" in a configuration that protects the server from
		29	untrustworthy users.
		30
		31	Normally, the SSH server only permits users who have already uploaded
		32	their public keys to the server. It assumes that access should be closed
		33	to new users.
		34
		35	Installing this code reverses that assumption, granting open access to
		36	unrecognized users. This is made safe by limiting write access to a
		37	GIT_NAMESPACE over which the user proves global mathematical ownership
		38	with their SSH client key.
		39
		40
		41
		42
		43
		44
		45	HOW TO INSTALL
		46	--------------
		47
		48	Run:
		49	```
		50	make
		51	```
		52
		53	This installs the `AnonymousAccessCommand` in the current user's home
		54	directory.
		55
		56	Then, if sudo access is available, it enables anonymous access by
		57	editing the system `OpenSSH` configuration.
		58
		59
		60
		61
		62
		63
		64	NON-ROOT INSTALLATION
		65	---------------------
		66
		67	If sudo access is not available, you can install to a different
		68	location:
		69
		70	```
		71	make SSH_CONFIG_DIR=.config/ssh \
		72	SSHD_CONFIG_DIR=.config/ssh/config.d \
		73	SSH_LIB_DIR=.local/lib/ssh
		74	```
		75
		76	Then you will need to run `OpenSSH` on a non-default port (the default
		77	port requires root access).
		78
		79
		80
		81
		82
		83
		84	ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
		85	------------------------------------------------
		86
		87	It is also possible to choose the location of the
		88	`AnonymousAccessCommand` itself:
		89
		90	```
		91	make USER_SSH_CONFIG_DIR=$HOME/.config/ssh
		92	```
		93
		94	First you would have to make the contents of the installed file
		95	`AuthorizedKeysCommand` vary according to that `Makefile` paremeter, by
		96	editing `Makefile`.


diff --git a/README.txt b/README.txt deleted file mode 100644 index e65cdbe..0000000 --- a/README.txt +++ /dev/null
@@ -1,108 +0,0 @@
1	WHAT IT DOES
2	------------
3
4	This repository contains the code to share itself through Git-over-SSH.
5
6	It also contains the code to listen for changes sent to itself through
7	Git-over-SSH.
8
9
10
11
12	.
13	.
14	.
15	.
16	.
17	.
18
19
20
21	HOW IT WORKS
22	------------
23
24	Git contains a program `git-receive-pack` which implements a git protocol
25	server. The `git-receive-pack` expects to be launched as an SSH server
26	"ForcedCommand" in a configuration that protects the server from untrustworthy
27	users.
28
29
30
31	.
32	.
33	.
34	.
35	.
36	.
37	HOW TO INSTALL
38	--------------
39
40
41	Run:
42
43
44	make
45
46
47
48	This installs the `AnonymousAccessCommand` in the current user's home directory.
49
50	Then, if sudo access is available, it enables anonymous access by editing the
51	system `OpenSSH` configuration.
52
53
54
55	.
56	.
57	.
58	.
59	.
60	.
61
62
63
64	NON-ROOT INSTALLATION
65	---------------------
66
67	If sudo access is not available, you can install to a different location:
68
69	```
70	make SSH_CONFIG_DIR=.config/ssh \
71	SSHD_CONFIG_DIR=.config/ssh/config.d \
72	SSH_LIB_DIR=.local/lib/ssh
73	```
74
75	Then you will need to run `OpenSSH` on a non-default port (the default port
76	requires root access).
77
78
79
80	.
81	.
82	.
83	.
84	.
85	.
86
87
88
89	ALTERNATIVE LOCATION OF `AnonymousAccessCommand`
90	------------------------------------------------
91
92	It is also possible to choose the location of the `AnonymousAccessCommand` itself:
93
94	```
95	make USER_SSH_CONFIG_DIR=/.config/ssh
96	```
97
98	First you will have to make `AuthorizedKeysCommand` vary according to that
99	paremeter.
100
101
102
103
104
105
106
107
108