Issue 1350: permit authentication connections from system SSH daemon
Status:  Duplicate
Merged:  issue 1349
Owner: ----
Closed:  Apr 2012
Project Member Reported by sop@google.com, Apr 23, 2012
Allow the system SSH daemon to use its forced command execution feature to run a local process that opens a redirection socket to Gerrit Code Review and copies stdin/stdout/stderr to the Gerrit process. This would allow a server to use OpenSSH on port 22 with a common username like "git" for end-user access, and then a forced command inside of an authorized_keys file to run the proxy that redirects into the Gerrit server. Operation is somewhat similar to gitolite.

This requires a small binary to be written to act as that proxy to redirect to Gerrit, and ideally use UNIX sockets to connect to the Gerrit server process rather than TCP/IP, as Gerrit can use peer authentication to verify who proxy is running as and decide to trust the proxy (or not).

This came up on 2012-04-23 on IRC and was proposed by djszapi.
Apr 23, 2012
#1 sop@google.com
(No comment was entered for this change.)
Status: Duplicate
Mergedinto: 1349