Re: CVS through .SSH

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS through .SSH

From:	Todd Denniston
Subject:	Re: CVS through .SSH
Date:	Mon, 15 Sep 2008 09:28:11 -0400
User-agent:	Thunderbird 2.0.0.16 (X11/20080707)

Arvind Kanaka Raju wrote, On 09/14/2008 11:14 PM:

Hi, Thanks for all the support provided earlier,
Background: we are CVS-Admin for an organization supportingConcurrent Versions System (CVS) 1.11.21 (client/server)
Current Scenario: we are currently authenticating CVS usersthrough :pserver protocol.
Requirement : Kindly let us know if there is a possibilityof authenticating all users through .ssh and what are themerits through .ssh.


Pro ssh:

encrypted sessions, i.e., your code is kept confidential over the wire (to thelevel of confidentiality the encryption ssh can provide), and the encryptionprovides a level of integrity on the data to.

PKI/crypto key login and server keys, i.e., the user can authenticate that theserver s/he is using is the intended server, and with PKI/crypto keys thereare no passwords used on the wire.


proven and audited authentication code, which you don't get with :pserver: .

You are using the system's access controls, which are usually stronger/moreflexible than cvs's.

You _can_ configure sshd to only allow the users to run specific commands onthe server.



Con ssh:

Each user has to have a real system account, that is maintained by the systemlevel admin.

If you are using PKI/crypto keys, then admins and user will need to learn howto use them. (ssh-agent)

Locking the baseline from read/write means either changing thepermissions/ownership of the baseline directories or setting /etc/nologin,instead of messing with the $CVSROOT/CVSROOT/readers|writers files.

Please provide us a detailed documentation on how tosetup .ssh authentication if any and which would helpus big way.


http://ximbiot.com/cvs/manual/cvs-1.11.23/cvs_2.html#SEC28
http://www.google.com/search?hl=en&q=cvs+ssh&btnG=Google+Search&aq=f&oq=

Thanks in advance
Regards,
 Arvind.K.R
| Software Engineer |
| Infosys Technologies Limited - MCity| Mob: 9940104010|
| address@hidden<mailto:address@hidden>| 
www.infosys.com<http://www.infosys.com/> |


--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

[Prev in Thread]

Current Thread

[Next in Thread]

CVS through .SSH, Arvind Kanaka Raju, 2008/09/12
- CVS through .SSH, Arvind Kanaka Raju, 2008/09/15
  - Re: CVS through .SSH, Todd Denniston <=

Prev by Date: CVS through .SSH
Next by Date: Checking out an old file, modifying and checking it back in
Previous by thread: CVS through .SSH
Next by thread: Re: Obtaining the files modified/created after a failed/successful build of CVS repository
Index(es):
- Date
- Thread