[linux-elitists] Secure CVS

Heather star@starshine.org
Sat Feb 10 10:33:15 PST 2001


> 'tag alles,
> 
> So, pservers scare me.

Funny, that's exactly what joey says in his description of running CVS
over ssh:  http://kitenet.net/programs/sshcvs/

(btw, Thanks should go to Rick for the pile of notes he keeps at linuxmafia.)

> Behind the firewall on a dev box, fine, but not on a
> webserver (staging or otherwise). I've finally convinced a few blockhead
> web developers that CVS will save them from themselves, but I can't find any
> good secure CVS howtoish stuff.

Hmm, well it appears that the deep magic centers around having fun with the
"where do I find/what I use for rsh" variable.

One presumes that it would be as easy to set up several dumdum meta-users
to land in CVS joey's way, so that you could tell who was coming in.

And it's a side note but you might also find the notes on using a local
CVS repository that automatically goes to momma/the remote repository when
reasonable:  http://www.engelschall.com/pw/apache/cvsguide/
... to be a handy way to keep your colleagues from whining that doing The
Right Think makes life slow.  Some abuse of the instructions required, of 
course.
 
> Hacks abound; I'm hoping someone will have a method that doesn't require
> shell access on the remote machine, 

joey psuedo-solved that;  landing in CVS' shell instead of a real shell is 
automatic.  A dummy account is still required.

> and keeps things reasonably sane on the
> client end. Don't want to confuse them again (changing them over to Linux
> and finally CVS was pain enough - for me)!
> 
> - Jeff
 
Er, you don't have any colleagues still using MSwin, do you?  If you do
it can be solved too, it's just evil... and looked tedious.  Among the many
sources of evil is the question of whether you have ssh tools for windows
that will properly demand a passphrase.
 
* Heather * A successful [software] tool is one that was used to do something 
            undreamed of by its author.  -- S. C. Johnson



More information about the linux-elitists mailing list