Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1337
  • Last Modified:

SSH/CVS server for SSH clients

Need to setup a CVS server which supports SSH tunneling.
Have already done chrooted cvsserver.
Need help in configuring SSH server to accept connections for CVS access.

--raj
0
rajshekar_j
Asked:
rajshekar_j
2 Solutions
 
bloemkool1980Commented:

You need to make your cvs server listen to your localhost adress and the client should tunnel TCP/2401.
ssh -L 2401:cvsserver:2401 user@cvsserver.com
it should be something like this but you also need to give user access to anyone using cvs on your system.
And you cvs client should connect on the localhost address instead of the real cvs server address

regards
0
 
Alf666Commented:
I might offer a pretty fun and very secure solution (plus, easy to set-up).

It involves configuring a simple user for cvs access (e.g: cvs) which has full access to your repository. This user's home should be set to your CVS repository's home.

Then, using a normally configured ssh server, you just have to create the following :

Inside your cvs user's home dir, create a .ssh directory.
It should contain a file called authorized_keys2.
This file will contain a list of keys authorized to connect without a password (read me 'til the end :-).

.ssh should be mode 700 and authorized_keys2 mode 600 or 400.

These keys need to have the following format :
command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <your_key_goes_here> <comments>

Of course, all on one line, and replace /usr/bin/cvs by your actual cvs exe.
<comments> should be something like "username". It allows you to know who the key belongs to.

What's the interest of this ?

1) Only one cvs user to configure
2) Each user will have to generate a personal key which you will add to the authorized_keys2 file
3) User management is easy. Just delete the proper key from the file
4) No password ! Except for the one the user will have to type to "unlock" his personal key.
5) ssh-agent can be used. So the user does not have to retype his key every time.
6) No need to have a complex chrooted cvs environment. But you can. In this case, replace the cvs exe in the keys by your chroot wrapper script.

How to implement it on the client side ?

1) Each user has to generate his own key :

ssh-keygen -t dsa

2) Each user has to have 2 lines in his profile file :

export CVSROOT=:ext:cvs@<your_cvs_host>:<your_cvs_root>
export CVS_RSH=ssh


That's it. Don't hesitate to ask for more infos.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now