[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVS through .SSH
From: |
Todd Denniston |
Subject: |
Re: CVS through .SSH |
Date: |
Mon, 15 Sep 2008 09:28:11 -0400 |
User-agent: |
Thunderbird 2.0.0.16 (X11/20080707) |
Arvind Kanaka Raju wrote, On 09/14/2008 11:14 PM:
Hi, Thanks for all the support provided earlier,
Background: we are CVS-Admin for an organization supporting
Concurrent Versions System (CVS) 1.11.21 (client/server)
Current Scenario: we are currently authenticating CVS users
through :pserver protocol.
Requirement : Kindly let us know if there is a possibility
of authenticating all users through .ssh and what are the
merits through .ssh.
Pro ssh:
encrypted sessions, i.e., your code is kept confidential over the wire (to the
level of confidentiality the encryption ssh can provide), and the encryption
provides a level of integrity on the data to.
PKI/crypto key login and server keys, i.e., the user can authenticate that the
server s/he is using is the intended server, and with PKI/crypto keys there
are no passwords used on the wire.
proven and audited authentication code, which you don't get with :pserver: .
You are using the system's access controls, which are usually stronger/more
flexible than cvs's.
You _can_ configure sshd to only allow the users to run specific commands on
the server.
Con ssh:
Each user has to have a real system account, that is maintained by the system
level admin.
If you are using PKI/crypto keys, then admins and user will need to learn how
to use them. (ssh-agent)
Locking the baseline from read/write means either changing the
permissions/ownership of the baseline directories or setting /etc/nologin,
instead of messing with the $CVSROOT/CVSROOT/readers|writers files.
Please provide us a detailed documentation on how to
setup .ssh authentication if any and which would help
us big way.
http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#SEC28
http://www.google.com/search?hl=en&q=cvs+ssh&btnG=Google+Search&aq=f&oq=
Thanks in advance
Regards,
Arvind.K.R
| Software Engineer |
| Infosys Technologies Limited - MCity| Mob: 9940104010|
| address@hidden<mailto:address@hidden>|
www.infosys.com<http://www.infosys.com/> |
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter