Solved

SSH/CVS server for SSH clients

Posted on 2004-03-21
Last Modified: 2010-04-22
Need to set up a CVS server which supports SSH tunneling.
Have already done chrooted cvsserver.
Need help in configuring SSH server to accept connections for CVS access.

--raj
Question by:rajshekar_j

Assisted Solution

by:bloemkool1980
bloemkool1980 earned 60 total points
ID: 10647879

You need to make your cvs server listen to your localhost address and the client should tunnel TCP/2401.
ssh -L 2401:cvsserver:2401 user@cvsserver.com
It should be something like this, but you also need to give user access to anyone using cvs on your system.
And your cvs client should connect on the localhost address instead of the real cvs server address.

regards

Accepted Solution

by:Alf666
Alf666 earned 65 total points
ID: 10662808
I might offer a pretty fun and very secure solution (plus, easy to set up).

It involves configuring a simple user for cvs access (e.g. cvs) which has full access to your repository. This user's home should be set to your CVS repository's home.

Then, using a normally configured ssh server, you just have to create the following:

Inside your cvs user's home dir, create a .ssh directory.
It should contain a file called authorized_keys2.
This file will contain a list of keys authorized to connect without a password (read me 'til the end :-).

.ssh should be mode 700 and authorized_keys2 mode 600 or 400.

These keys need to have the following format:
command="/usr/bin/cvs server",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss <your_key_goes_here> <comments>

Of course, all on one line, and replace /usr/bin/cvs by your actual cvs exe.
<comments> should be something like "username". It allows you to know who the key belongs to.

What's the interest of this?

1) Only one cvs user to configure
2) Each user will have to generate a personal key which you will add to the authorized_keys2 file
3) User management is easy. Just delete the proper key from the file
4) No password! Except for the one the user will have to type to "unlock" his personal key.
5) ssh-agent can be used. So the user does not have to retype his key every time.
6) No need to have a complex chrooted cvs environment. But you can. In this case, replace the cvs exe in the keys by your chroot wrapper script.

How to implement it on the client side?

1) Each user has to generate his own key:

ssh-keygen -t dsa

2) Each user has to have 2 lines in his profile file:

export CVSROOT=:ext:cvs@<your_cvs_host>:<your_cvs_root>
export CVS_RSH=ssh


That's it. Don't hesitate to ask for more info.
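
An added example, not part of Alf666's answer: a Python audit that checks each entry in the cvs user's authorized_keys2 for the forced command and the four no-* restrictions given above, and checks the .ssh and key-file modes. The function names, the sample entries and the extra key types are assumptions made for the illustration.

```python
import os
import re
import stat

REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
# ssh-dss as in the answer; other types added because current OpenSSH disables DSA by default.
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")
OPT = re.compile(r'([\w-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+|$)')

# Constructed sample entries; the key blobs are short placeholders, not real keys.
R = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
SAMPLE = "\n".join([
    f'command="/usr/bin/cvs server",{R} ssh-dss AAAAB3NzaC1kc3MAAACB alice',
    'ssh-dss AAAAB3NzaC1kc3MAAACC bob',
    f'command="/bin/sh",{R} ssh-dss AAAAB3NzaC1kc3MAAACD carol',
    'command="/usr/bin/cvs server",no-pty ssh-dss AAAAB3NzaC1kc3MAAACE dave',
])

def split_options(line):
    """Return ({option: value}, rest); commas and spaces inside "..." do not split."""
    if line.startswith(KEY_TYPES):
        return {}, line  # no options field: this key gets an unrestricted login
    opts, pos = {}, 0
    while (m := OPT.match(line, pos)):
        opts[m.group(1).lower()] = m.group(2)  # option names are case-insensitive
        pos = m.end()
        if m.group(3) != ",":  # whitespace ends the options field
            break
    return opts, line[pos:]

def audit_line(line, cvs_cmd="/usr/bin/cvs server"):
    opts, rest = split_options(line.strip())
    problems = [f"missing {o}" for o in sorted(REQUIRED - set(opts))]
    if opts.get("command") != cvs_cmd:
        problems.append("forced command missing or unexpected")
    if not rest.startswith(KEY_TYPES):
        problems.append("no recognisable key type")
    return problems

def audit_text(text):
    """Map 1-based line number -> problems, skipping blank and comment lines."""
    lines = enumerate(text.splitlines(), 1)
    found = {n: audit_line(l) for n, l in lines if l.strip() and not l.lstrip().startswith("#")}
    return {n: p for n, p in found.items() if p}

def check_modes(ssh_dir, name="authorized_keys2"):
    """.ssh must be mode 700 and the key file 600 or 400, as the answer states."""
    want = {ssh_dir: {0o700}, os.path.join(ssh_dir, name): {0o600, 0o400}}
    got = {p: stat.S_IMODE(os.stat(p).st_mode) for p in want}
    return [f"{p}: mode {m:o}" for p, m in got.items() if m not in want[p]]
```

Pass a different `cvs_cmd` to `audit_line` if the forced command is a chroot wrapper script rather than the cvs binary itself.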


Question has a verified solution.
