Archive for October, 2006

Tadek’s new mobile: 076 394 2998

Wednesday, October 25th, 2006

After more than 6 years with my current S35 (and something like 3 years with a crappy Orange prepaid card) I purchased a proper mobile (K800i) with a contract. Personally, I’ve been reasonably happy with my old mobile, in spite of Annie’s hostility towards this seemingly innocent device (this may have something to do with the high-pitched sound it produces when the battery dies in the middle of the night) and friends’ teasing remarks (my favourite is: “Noooooo, I can’t believe your mobile is SIX years old!”… I wonder what they would say knowing how old my car is…), but I will definitely benefit from things like a built-in 3MPix camera, Bluetooth or Edge for data transfer.

More importantly, my new mobile number has changed and is now 076 394 2998 (076 FYI AXYU). My current mobile 078 857 3165 is no longer valid.

As a final remark, I got a sunrise relax plan, which means that I am charged by hours (something like 0.49CHF/hour or 0.05CHF for <5s) when making calls to the sunrise network or fixnet. Therefore, if I’m calling your sunrise or fixnet, I might be either extremely talkative or very succint. If you have another mobile, the latter is far more likely ;-)

Restricted shell account (SSH and Subversion)

Wednesday, October 18th, 2006

While trying to set up a restricted shared shell account for SVN access I read about an interesting feature of OpenSSH. From this section of the SVN manual I learned that svn supports the following syntax in $HOME/.ssh/authorized_keys

  command="program" TYPE KEY COMMENT

Program is a command that will be executed instead of a shell when connected and it also supports different configuration options. For example, if you want the account to be really restricted you may want to pass the following options no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty. In my case, I used the following line in the configuration file:

command="/usr/bin/svnserve -t --tunnel-user=tadekp -r /var/lib/svn/svncommon",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3N.... tadekp@server

Just a few points to remember:

  • many commands can execute shell internally, watch out for these
  • the command can modify authorized_keys file, the best way to prevent it is to make it read only on the filesystem level