Solved

SSH/CVS server for SSH clients

Posted on 2004-03-21
Last Modified: 2010-04-22
Need to set up a CVS server which supports SSH tunneling.
Have already done chrooted cvsserver.
Need help in configuring SSH server to accept connections for CVS access.

--raj
Question by:rajshekar_j
2 Comments
 

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 180 total points
ID: 10647879

You need to make your cvs server listen to your localhost address and the client should tunnel TCP/2401.
ssh -L 2401:cvsserver:2401 user@cvsserver.com
It should be something like this but you also need to give user access to anyone using cvs on your system.
And your cvs client should connect on the localhost address instead of the real cvs server address

regards

Accepted Solution

by:Alf666
Alf666 earned 195 total points
ID: 10662808
I might offer a pretty fun and very secure solution (plus, easy to set up).

It involves configuring a simple user for cvs access (e.g. cvs) which has full access to your repository. This user's home should be set to your CVS repository's home.

Then, using a normally configured ssh server, you just have to create the following:

Inside your cvs user's home dir, create a .ssh directory.
It should contain a file called authorized_keys2.
This file will contain a list of keys authorized to connect without a password (read me 'til the end :-).

.ssh should be mode 700 and authorized_keys2 mode 600 or 400.

These keys need to have the following format :
command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <your_key_goes_here> <comments>

Of course, all on one line, and replace /usr/bin/cvs by your actual cvs exe.
<comments> should be something like "username". It allows you to know who the key belongs to.

What's the interest of this ?

1) Only one cvs user to configure
2) Each user will have to generate a personal key which you will add to the authorized_keys2 file
3) User management is easy. Just delete the proper key from the file
4) No password ! Except for the one the user will have to type to "unlock" his personal key.
5) ssh-agent can be used. So the user does not have to retype his key every time.
6) No need to have a complex chrooted cvs environment. But you can. In this case, replace the cvs exe in the keys by your chroot wrapper script.

How to implement it on the client side ?

1) Each user has to generate his own key :

ssh-keygen -t dsa

2) Each user has to have 2 lines in his profile file :

export CVSROOT=:ext:cvs@<your_cvs_host>:<your_cvs_root>
export CVS_RSH=ssh


That's it. Don't hesitate to ask for more info.
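
As an added example (not part of the answer above or of the original thread), this Python audit checks every entry in the shared cvs account's authorized_keys2 file for the forced command and the four restriction options the answer's key format requires. The function names and the sample keys are constructed for illustration; accepting OpenSSH's `restrict` option in place of the four options goes beyond what the answer describes.

```python
import re

# Constructed sample: one entry in the answer's format, one bare key.
SAMPLE = '''command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3EXAMPLE alice
ssh-dss AAAAB3EXAMPLE bob'''
# Restriction options from the answer, lower-cased (option names are case-insensitive).
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def split_options(line):
    """Split off the options field; spaces inside a quoted value do not end it."""
    if line.startswith(KEY_PREFIXES):
        return "", line                      # entry carries no options at all
    in_quotes, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quotes:
            i += 2                           # skip an escaped character such as \"
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i].isspace() and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def audit_entry(line, expected_command):
    """Return the findings for one authorized_keys entry (empty list means OK)."""
    field, _key = split_options(line.strip())
    opts = {m.group(1).lower(): m.group(2) for m in OPTION_RE.finditer(field)}
    findings = []
    if opts.get("command") is None:
        findings.append("no forced command: key gets a normal shell")
    elif opts["command"] != expected_command:
        findings.append("forced command is %r, expected %r" % (opts["command"], expected_command))
    if "restrict" not in opts:               # OpenSSH 7.2+ 'restrict' implies all of REQUIRED
        for name in sorted(REQUIRED - set(opts)):
            findings.append("missing option " + name)
    return findings

def audit_file(text, expected_command="/usr/bin/cvs server"):
    """Audit every non-comment line; returns {line_number: findings} for bad entries."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            findings = audit_entry(line, expected_command)
            if findings:
                report[n] = findings
    return report
```

Run `audit_file(open(path).read())` against the cvs user's key file after each key is added; pass the chroot wrapper's path as `expected_command` if the forced command was replaced by one.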