|
| From: | Fredrik Wendt |
| Subject: | Re: Moving to Pserver from .rhosts |
| Date: | Fri, 15 Nov 2002 17:08:16 +0100 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1 |
Greg A. Woods wrote, On 2002-11-15 00:49:
That's partly wrong. If you set up the pserver and makes sure (either via inetd (hosts.deny/.allow) if that's your preferred way of launching it, or iptables etc) that only requests originating from 127.1 gets through, then by tunneling localport 2401 to remote port 2401 is absolutely secure.Because it's how remote CVS was designed to be used and because it is the only way to make remote CVS access secure. CVS-pserver is not secure in any way whatsoever and cannot be made secure.
First issue: ssh -L2401:localhost:2401Then set your CVSROOT to ":pserver:address@hidden:/repository" and off you go.
It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).
My "two cents" anyway... / Fredrik
| [Prev in Thread] | Current Thread | [Next in Thread] |