[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving to Pserver from .rhosts

From: Fredrik Wendt
Subject: Re: Moving to Pserver from .rhosts
Date: Fri, 15 Nov 2002 17:08:16 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1

Greg A. Woods wrote, On 2002-11-15 00:49:

Because it's how remote CVS was designed to be used and because it is
the only way to make remote CVS access secure.  CVS-pserver is not
secure in any way whatsoever and cannot be made secure.
That's partly wrong. If you set up the pserver and makes sure (either via inetd (hosts.deny/.allow) if that's your preferred way of launching it, or iptables etc) that only requests originating from 127.1 gets through, then by tunneling localport 2401 to remote port 2401 is absolutely secure.

First issue:
ssh -L2401:localhost:2401

Then set your CVSROOT to ":pserver:address@hidden:/repository" and off you go.

It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).

My "two cents" anyway...


reply via email to

[Prev in Thread] Current Thread [Next in Thread]