[NTLUG:Discuss] Can't login to CVS pserver over SSH tunnel
MadHat
madhat at unspecific.com
Fri Feb 8 19:08:46 CST 2002
On Fri, 2002-02-08 at 16:07, Richard Cobbe wrote:
> Lo, on , February 8, MadHat did write:
>
> > Hey guys,
> > I haven't had a chance to keep up with this thread, as I have been busy
> > with work this past week, but is there a reason you are using port
> > forwarding for CVS?
> >
> > I do CVS with SSH daily, and never use port forwarding, just setting a
> > couple of environment variables and some configs in the local rc files.
>
> A fairly good question, actually. One potential answer: tunneling CVS
> over ssh (using the :ext: connection method and CVS_RSH) does require
> granting the user shell access on the server machine. If that's not
> acceptable for security reasons, Neil's method is, in theory, probably
> the best alternative.
>
No it doesn't. It only requires access to the cvs command.
If you use SSH keys, you can add a command=cvs in it and then disable
passwd authentication. The you have to use the key and can only run
cvs. The other option is to write a simple custom script that wpuld
take the command check to amke sure it is cvs and run that returning the
results. I have done it both ways. Both I consider more secure (with
the proper configs and checks in place) and much easier than the port
forwarding.
> Richard
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
--
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
More information about the Discuss
mailing list