info-cvs
Re: CVS over SSH on different port


From: Mark D. Baushke
Subject: Re: CVS over SSH on different port
Date: Tue, 26 Oct 2004 08:58:00 -0700


Gaurav Vaish <address@hidden> writes:

> >              The host firewall.network.net is the external firewall and
> >              allows me to establish port forwarding to internal hosts
> >              via an SSH connection.
> 
>    No. It does not allow right now. But I want it do so. But it also
> has sshd running on itself, listening on 22 and I don't want to shut
> it down.

You are still confused.

The :pserver: is the one that listens and talks on a particular port.
The :ext: runs a copy of cvs in server mode over ssh and does not
actually consume any ports of its own. It is even possible to run :ext:
over kermit (or so I have been told). All you need is an eight-bit clean
channel to pass the bits.

So, you need port 22 to continue to run SSHD. You also need to be
setting things up so that you are port forwarding the ability to login
via ssh to the system on which the cvs server is to be run locally.

> > 
> >  Problem:    How do I configure things with my CVSROOT and SSH
> >              configuration to allow me to checkout and commit to
> >              foo.my.network.net from my.laptop.somewhere.com that must
> >              go thru an SSH tunnel on the firewall.network.net in order
> >              to get to the cvs.my.network.net host.
> 
>    Well, I can get to it if I had only this as the problem. Since the
> firewall is under my control, I can enable portforwarding (Linux,
> iptables -- not an issue).
> 
>    The problem:
> 
>    -> Firewall.network.net already has a sshd running on 22.
>        I cannot use 22 for forwarding, since sshd is listening.
>        I cannot use another port, because "ext protocol" does not
> allow me to use any port other than 22.
> 
>    export address@hidden:/cvs/root/path
> 
> cannot be changed to
> 
>     export address@hidden:111111:/cvs/root/path

The :ext: protocol does not allow you to specify port numbers because
the transport of $CVS_RSH may or may not allow you to move to a separate
port number in any kind of a portable manner.

What is happening is that cvs will be running a command like:

     "${CVS_RSH:-rsh} mycvsserver -l user ${CVS_SERVER} server"

given the environment

      CVSROOT=:ext:address@hidden:/cvs/root/path

and the cvs protocol across the connection will be where it communicates
'Root /cvs/root/path' for you.

So, for setting up a cvs connection of :ext: you will want to make sure that
the command:

        ssh mycvsserver -l user uname -a

works first and prints out the name of the remote host you are
attempting to use. If it does, then you can be fairly sure that the cvs
connection will also work.

Let us look at what the previous post I sent does...

| Suggested workaround:
| 
| Created a $HOME/.ssh/config entry something like this:
| 
| Host cvsserver
|   HostKeyAlias cvs.my.network.net
|   Hostname cvs.my.network.net
|   ProxyCommand ssh firewall.network.net nc %h 22

The above ssh configuration means that whenever you do a connection to
the 'cvsserver' name it will open an ssh connection on cvs.my.network.net
transparently.

        ssh cvsserver

will get you a login shell on cvs.my.network.net directly.

| 
| You could do something like the following:
| 
|    export CVS_RSH=ssh
|    export CVSROOT=:ext:cvsserver/path/to/cvsroot
|    cvs checkout module
| 
| This assumes that you have the 'nc' program
| (http://www.atstake.com/research/tools/network_utilities/)
| 
| If you are not able to use nc, then something like the following might
| work for you...
| 
| In your $HOME/.ssh/config file put something like this:
| 
| Host cvsserver2
|   HostKeyAlias cvs.my.network.net
|   Hostname localhost
|   Port 8822
| 
| Then, in one window do a command like this:
| 
|      ssh -L 8822:cvs.my.network.net:22 firewall.network.net

The above command establishes that connections to the localhost port
8822 will be forwarded to cvs.my.network.net port 22. So, the command

     ssh -p 8822 localhost

will get you a login prompt from the cvs.my.network.net host.

| 
| and in another window
| 
|    export CVS_RSH=ssh
|    export CVSROOT=:ext:cvsserver2/path/to/cvsroot
|    cvs checkout module
| 
| There are probably other ways to address the above solutions, but this
| may be a reasonable place to start.

I hope this helps.

        Good luck,
        -- Mark
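An added example, not part of the original post: before pointing CVS_RSH at either alias, `ssh -G` (OpenSSH 6.8 or later) can print the options ssh would actually use, without opening a connection. The check confirms that `cvsserver2` resolves to localhost:8822 while its host key is still looked up under cvs.my.network.net, so the forwarded port is verified against the real server's key. The function names and the scratch config file are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolve the two Host aliases from the post with `ssh -G`,
# which prints the effective client options without connecting.

# Write the post's two stanzas to a scratch file (not ~/.ssh/config).
write_config() {
    cat > "$1" <<'EOF'
Host cvsserver
  HostKeyAlias cvs.my.network.net
  Hostname cvs.my.network.net
  ProxyCommand ssh firewall.network.net nc %h 22

Host cvsserver2
  HostKeyAlias cvs.my.network.net
  Hostname localhost
  Port 8822
EOF
}

# resolved CONFIG ALIAS KEY -> effective value of KEY (lowercase) for ALIAS
resolved() {
    ssh -G -F "$1" "$2" |
        awk -v k="$3" '$1 == k { sub(/^[^ ]+ /, ""); print; exit }'
}

# check_alias CONFIG ALIAS HOST PORT -> 0 if ALIAS resolves to HOST:PORT
# and its host key is looked up under the real server name.
check_alias() {
    [ "$(resolved "$1" "$2" hostname)" = "$3" ] &&
    [ "$(resolved "$1" "$2" port)" = "$4" ] &&
    [ "$(resolved "$1" "$2" hostkeyalias)" = "cvs.my.network.net" ]
}

cfg=$(mktemp) && write_config "$cfg"
for spec in "cvsserver cvs.my.network.net 22" "cvsserver2 localhost 8822"; do
    set -- $spec   # split into: alias, expected host, expected port
    if check_alias "$cfg" "$@"; then
        echo "$1: resolves to $2:$3, host key checked as cvs.my.network.net"
    else
        echo "$1: MISMATCH (inspect with: ssh -G -F $cfg $1)"
    fi
done
rm -f "$cfg"
```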



