• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1345
  • Last Modified:

SSH/CVS server for SSH clients

Need to setup a CVS server which supports SSH tunneling.
Have already done chrooted cvsserver.
Need help in configuring SSH server to accept connections for CVS access.

--raj
0
rajshekar_j
Asked:
rajshekar_j
2 Solutions
 
bloemkool1980Commented:

You need to make your cvs server listen to your localhost adress and the client should tunnel TCP/2401.
ssh -L 2401:cvsserver:2401 user@cvsserver.com
it should be something like this but you also need to give user access to anyone using cvs on your system.
And you cvs client should connect on the localhost address instead of the real cvs server address

regards
0
 
Alf666Commented:
I might offer a pretty fun and very secure solution (plus, easy to set-up).

It involves configuring a simple user for cvs access (e.g: cvs) which has full access to your repository. This user's home should be set to your CVS repository's home.

Then, using a normally configured ssh server, you just have to create the following :

Inside your cvs user's home dir, create a .ssh directory.
It should contain a file called authorized_keys2.
This file will contain a list of keys authorized to connect without a password (read me 'til the end :-).

.ssh should be mode 700 and authorized_keys2 mode 600 or 400.

These keys need to have the following format :
command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <your_key_goes_here> <comments>

Of course, all on one line, and replace /usr/bin/cvs by your actual cvs exe.
<comments> should be something like "username". It allows you to know who the key belongs to.

What's the interest of this ?

1) Only one cvs user to configure
2) Each user will have to generate a personal key which you will add to the authorized_keys2 file
3) User management is easy. Just delete the proper key from the file
4) No password ! Except for the one the user will have to type to "unlock" his personal key.
5) ssh-agent can be used. So the user does not have to retype his key every time.
6) No need to have a complex chrooted cvs environment. But you can. In this case, replace the cvs exe in the keys by your chroot wrapper script.

How to implement it on the client side ?

1) Each user has to generate his own key :

ssh-keygen -t dsa

2) Each user has to have 2 lines in his profile file :

export CVSROOT=:ext:cvs@<your_cvs_host>:<your_cvs_root>
export CVS_RSH=ssh


That's it. Don't hesitate to ask for more infos.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now