[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVS server access

From: Mark D. Baushke
Subject: Re: CVS server access
Date: Sat, 16 Jul 2005 23:30:07 -0700

Hash: SHA1

John Smith <address@hidden> writes:

> I recently configured my CVS server (Fedora Core 4) with ssh access
> using public/private keys and with password authentication disabled.
> I am able to access the server in one of two ways:
> (1) ssh access
> CVSROOT=:ext:<username>@SessionFileName:CVSRootLocation
> So, for every CVS command, there is a ssh authetication.
> (2) pserver tunneled through ssh
> CVSROOT=:pserver:<username>@localhost:CVSRootLocation
> For this, I am transfering the pserver port to my local machine using the
> method described here
> So, there is only one ssh authentication and pserver is tunneled through 
> ssh.
> My cvspserver service uses system authentication (so, I do not have a
> password file in cvsroot).
> Question: is there an overwhelming reason to use one over the other?

There are many good reasons to avoid :pserver: and very few good reasons
to use it. Search the address@hidden archives

for many posts on the subject.

> My thoughts are that (1) is more secure but more resource intensive
> (on the server).

It is more secure. It is not clear that it is that much more resource
intensive on the server.

> With (2) I am running the risk of sending a clear text password
> through the tunnel (is that correct?).

Well, it is trivially encoded, so you can't say that it is literally a
'clear text password'. However, the password is encoded in a completely
reversable manner, so it is close enough to being clear text as to not
really matter.

> Your opinion?

I recommend (1).

        -- Mark
Version: GnuPG v1.2.3 (FreeBSD)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]