Bazaar Auth -plugin

Timo Reunanen parker at
Tue Feb 5 17:49:18 GMT 2008

Now it uses own port (4255) and need to run via 'bzr auth-serve' and
sets up own and very simple ssh server with paramiko.

Server side is almost copy of paramiko/demos/ and gives
ssh channel to SmartServerSocketStreamMedium class.

Best in this, it's works fine with Windows. :)

There is 5 commands:
 auth-init = initializes and generates server key in to brachnes or
repositories .bzr
 auth-unint = removes auth stuff from .bzr
 auth-add = add user with public.key to authorized_keys
 auth-remove = remove user from authorized_keys
 auth-serve = Almost same as 'bzr serve'

Simple tutorial is included in trunk

p.s this is still just proof of concept and needs lots of thinking how
to do things correctly :)


On 2/5/08, John Arbash Meinel <john at> wrote:
> Timo Reunanen wrote:
> > Hi list.
> >
> > Two days ago I was thinking is it possible to make secure "bzr serve"
> > with custom SSH server using paramiko and use public keys to
> > authenticate.
> >
> > Yesterday I made proof of concept and results can found from here:
> >
> >
> > Ok, I have used bzr and paramiko about two days and this is my first
> > plugin, so it is not so beautiful code :)
> >
> > Timo.
> >
> >
> Thanks for putting this together. Could you give any more description
> about how it is used? Do you still run 'bzr serve'? Does it take a flag
> or just always start up an ssh server? Does it default to port 22?
> (Makes it hard to run as a non-admin.)
> John
> =:->

More information about the bazaar mailing list