[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remote cvs access - recommendations

From: p
Subject: Re: remote cvs access - recommendations
Date: Wed, 8 Oct 2003 10:59:37 -0700
User-agent: Mutt/1.5.4i

first, thanks everyone who answered my question.

second, this works like a charm.  and i learned a WHOLE LOT in the

On Tue 07 Oct 03,  9:38 AM, address@hidden <address@hidden> said:
> On Tue, 7 Oct 2003 address@hidden wrote:
> > hi all,
> > 
> > i've read about remote cvs access, and there are a LOT of options: ssh,
> > rsh, kerberos, pserver, and more.
> > 
> > my needs are simple.  i'm writing a latex book with just one other
> > person.  the repository is sitting on a debian gnu/linux machine that i
> > have root access to.
> > 
> > can someone suggest an access method suitable for my needs?
> > 
> > i don't need anything fancy, scalable or even efficient, since there's
> > just one other co-author and we're dealing mainly in text with a few
> > image files.  it just needs to be secure, easy to set up and easy to
> > use.
> Unfortunately, secure and easy to setup often do not mix.
> Your two choices for secure that I am aware of are Kerberos and SSH.
> Unless you already have a Kerberos infrastructure in place, you don't want
> to go there.  A W2K domain does count, but I've never seen any discussion
> about how to make CVS Kerberos play in that environment.
> Before a good answer to your inquiry can be provided, we need to know
> the platforms you and the other CVS user are using.  You say the repository
> is on Debian Linux.  What platforms will you and the other person be
> accessing the repository from?  For the purposes of this reply, I'll
> assume Linux all around.  If Windows is in the picture, what I will be
> suggesting will still play fine.
> I am doing exactly what you want with another developer with my repository.
> The repository is accessed securely using SSH.  The biggest hurdle to 
> setting up remote access to such a repository is configuring SSH.  You 
> have to decide and configure what authentication methods you want to allow, 
> then possibly generate certificates.  To satisfy your convenience of use
> criteria, I suggest use of RSA public key certificates.  They are very
> secure, and can be set up so you only have to enter a password once.

or zero times if i don't encrypt id_rsa or id_dsa...   :-)

works like a charm, so i'm very happy.  thank you!  but i am curious
about one more thing.

this ssh method requires that my co-developer has an account on the
system containing the repository.  i don't mind that, since he's a

but in general, someone who accesses cvs this way has system access.
not only can my co-developer do things like "cvs checkout" and "cvs
commit", but he can also ssh into the machine and work at a remote

is there a way to give co-developers access to cvs WITHOUT giving them
system level access?

i assume changing the shell to /bin/false in /etc/passwd will break
remote cvs access (correct me if that's wrong).

thanks guys!

GPG Instructions:
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D

reply via email to

[Prev in Thread] Current Thread [Next in Thread]