Solved

SSH/CVS server for SSH clients

Posted on 2004-03-21
2
1,313 Views
Last Modified: 2010-04-22
Need to setup a CVS server which supports SSH tunneling.
Have already done chrooted cvsserver.
Need help in configuring SSH server to accept connections for CVS access.

--raj
0
Comment
Question by:rajshekar_j
2 Comments
 
LVL 6

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 60 total points
ID: 10647879

You need to make your cvs server listen to your localhost adress and the client should tunnel TCP/2401.
ssh -L 2401:cvsserver:2401 user@cvsserver.com
it should be something like this but you also need to give user access to anyone using cvs on your system.
And you cvs client should connect on the localhost address instead of the real cvs server address

regards
0
 
LVL 9

Accepted Solution

by:
Alf666 earned 65 total points
ID: 10662808
I might offer a pretty fun and very secure solution (plus, easy to set-up).

It involves configuring a simple user for cvs access (e.g: cvs) which has full access to your repository. This user's home should be set to your CVS repository's home.

Then, using a normally configured ssh server, you just have to create the following :

Inside your cvs user's home dir, create a .ssh directory.
It should contain a file called authorized_keys2.
This file will contain a list of keys authorized to connect without a password (read me 'til the end :-).

.ssh should be mode 700 and authorized_keys2 mode 600 or 400.

These keys need to have the following format :
command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <your_key_goes_here> <comments>

Of course, all on one line, and replace /usr/bin/cvs by your actual cvs exe.
<comments> should be something like "username". It allows you to know who the key belongs to.

What's the interest of this ?

1) Only one cvs user to configure
2) Each user will have to generate a personal key which you will add to the authorized_keys2 file
3) User management is easy. Just delete the proper key from the file
4) No password ! Except for the one the user will have to type to "unlock" his personal key.
5) ssh-agent can be used. So the user does not have to retype his key every time.
6) No need to have a complex chrooted cvs environment. But you can. In this case, replace the cvs exe in the keys by your chroot wrapper script.

How to implement it on the client side ?

1) Each user has to generate his own key :

ssh-keygen -t dsa

2) Each user has to have 2 lines in his profile file :

export CVSROOT=:ext:cvs@<your_cvs_host>:<your_cvs_root>
export CVS_RSH=ssh


That's it. Don't hesitate to ask for more infos.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
kerberos passwd: Authentication token manipulation error 8 88
Help Creating Splunk Queries 4 328
E-mail settings for Fail2ban 7 116
zmeu infection? 49 190
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now