[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS server access
From: |
Mark D. Baushke |
Subject: |
Re: CVS server access |
Date: |
Sat, 16 Jul 2005 23:30:07 -0700 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Smith <address@hidden> writes:
> I recently configured my CVS server (Fedora Core 4) with ssh access
> using public/private keys and with password authentication disabled.
>
> I am able to access the server in one of two ways:
>
> (1) ssh access
>
> CVSROOT=:ext:<username>@SessionFileName:CVSRootLocation
> So, for every CVS command, there is a ssh authetication.
>
> (2) pserver tunneled through ssh
>
> CVSROOT=:pserver:<username>@localhost:CVSRootLocation
> For this, I am transfering the pserver port to my local machine using the
> method described here
> http://www.se.rit.edu/se-pserver-over-ssh-howto/pserver-ssh-howto.html
> So, there is only one ssh authentication and pserver is tunneled through
> ssh.
> My cvspserver service uses system authentication (so, I do not have a
> password file in cvsroot).
>
> Question: is there an overwhelming reason to use one over the other?
There are many good reasons to avoid :pserver: and very few good reasons
to use it. Search the address@hidden archives
http://lists.gnu.org/pipermail/info-cvs
for many posts on the subject.
> My thoughts are that (1) is more secure but more resource intensive
> (on the server).
It is more secure. It is not clear that it is that much more resource
intensive on the server.
> With (2) I am running the risk of sending a clear text password
> through the tunnel (is that correct?).
Well, it is trivially encoded, so you can't say that it is literally a
'clear text password'. However, the password is encoded in a completely
reversable manner, so it is close enough to being clear text as to not
really matter.
> Your opinion?
I recommend (1).
-- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)
iD8DBQFC2fruCg7APGsDnFERAoC3AJsE3x8soyqeVA8B8dRYet+ySQZhegCgqMh2
Uxk5HJbFTQS6jtG13epYoq4=
=zjgQ
-----END PGP SIGNATURE-----