Posted by alexx on Fri 23 Mar 2007 at 09:32
There are many times where it is useful to setup a small repository for apt-get to install packages from. The downside of placing such a repository in a publicly available place means that other people might start using it. Here we'll look at a couple of simple ways of restricting access.
There are many reasons why you might want to have restricted access to your repository:
If you have small number of users or don't want strong security this is for you. Host the repository on a ftp server and create accounts for the users. Disable anonymous login.
Your users' /etc/apt/sources.list must contain the following line:
deb ftp://user:passwd@repo.server.com/debian ./
The drawback is that the password is transmitted in clear text over the network. I have tested this over ftp but not over sftp. Don't know if apt-get is capable of secure ftp connections.
2) Using http/httpsSimilar to using ftp. You will have to create a password protected directory on the httpd server. Several different methods are described here.
root@client# rsa-keygen2) Transfer the public key to the server in secure fashion.
root@client# scp /root/.ssh/id_rsa.pub root@repo.server.com:/tmp3) Add this public key into the authorized_keys file of user owner of repository. This will enable password-less login from client's computer into the server.
root@repo.server.com:~$ cat /tmp/id_rsa.pub >> /home/repo-owner/.ssh/authorized_keys4) Add to client's /etc/apt/sources.list the following line:
deb ssh://repo-owner@repo.server.com:/home/repo-owner/debian/ ./This tells apt-get to use ssh connection to the server with username `repo-owner'.
root@client# apt-get update --- skip --- Get:5 ssh://repo-owner@repo.server.com ./ Packages [3967B] --- skip ---NOTES
This article can be found online at the Debian Administration website at the following bookmarkable URL:
This article is copyright 2007 alexx - please ask for permission to republish or translate.