(no subject)

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(no subject)

From:	root
Subject:	(no subject)
Date:	Mon, 13 Aug 2001 05:08:29 -0400

>From address@hidden  Tue Feb  6 18:35:18 2001
>Return-Path: <address@hidden>
Received: from fencepost.gnu.org (fencepost.gnu.org [199.232.76.164])
        by gateway.camelot.jp (8.9.3/8.9.3/Debian 8.9.3-21) with ESMTP id 
SAA22302
        for <address@hidden>; Tue, 6 Feb 2001 18:35:13 +0900
Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
        by fencepost.gnu.org with esmtp (Exim 3.16 #1 (Debian))
        id 14Q4Uj-0000Da-00; Tue, 06 Feb 2001 04:33:05 -0500
Received: from frosch.logivision.net ([212.42.242.2])
        by fencepost.gnu.org with esmtp (Exim 3.16 #1 (Debian))
        id 14Q4SB-0000CA-00
        for <address@hidden>; Tue, 06 Feb 2001 04:30:27 -0500
Received: by frosch.logivision.net (8.9.3/nora-20001211) with UUCP
          for address@hidden (envelope-from address@hidden)
          id f169UOw64205; Tue, 6 Feb 2001 10:30:24 +0100 (CET)
Apparently-To: address@hidden
Received: from cedar.elego.de (address@hidden [10.0.0.51]) by phaidros.elego.de 
(8.8.8/8.8.3) with ESMTP id KAA01016 for <address@hidden>; Tue, 6 Feb 2001 
10:19:02 +0100 (CET)
To: address@hidden
Subject: Re: Secure remote CVS
References: <address@hidden> <address@hidden>
From: Michael Diers <address@hidden>
In-Reply-To: Mike Castle's message of "Mon, 5 Feb 2001 15:52:55 -0800"
Message-ID: <address@hidden>
User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Capitol Reef)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: address@hidden
Errors-To: address@hidden
X-BeenThere: address@hidden
X-Mailman-Version: 2.0
Precedence: bulk
List-Help: <mailto:address@hidden>
List-Post: <mailto:address@hidden>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/info-cvs>,
        <mailto:address@hidden>
List-Id: Announcements and discussions for the CVS version control system 
<info-cvs.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/info-cvs>,
        <mailto:address@hidden>
List-Archive: <http://mail.gnu.org/pipermail/info-cvs/>
Date: 06 Feb 2001 10:19:01 +0100
Status: O
Content-Length: 2244
Lines: 46

Mike Castle <address@hidden> writes:

> On Mon, Feb 05, 2001 at 05:05:51PM -0600, David H. Thornley wrote:
> > I recommended setting CVS_RSH=ssh, and was told that the users
> > then had to type in their password for every file being transferred,
> > and that is more typing than they're willing to put up with.

Depends on the authentication method you're using. For RSA or DSA
authentication, ssh-agent alleviates the need for the user to supply
passphrases. Apart from that, unless you already have a secure
infrastructure like IPsec in place, SSH is probably the way to go.

> On all of the clients, run ssh-keygen and supply NO passphrase (It turns
> out the particular port that I used was broken in this aspect.  So I had
> to run ssh-keygen on the unix box and ftp files back.  It was a pain,
> but worked.  Apparently there is a work around for this particular port,
> but I forget what it is).
> 
> Then we did the appropriate things with public/private key files onto the
> server (been a while since set it up so don't remember details).
> 
> Now, problem with this is that any access to this machine/account now
> allows access to the cvs server without another need for a password.  Is
> that sufficient or not?

Not really a problem unless the private key has been compromised
(e.g. stolen). In such situations, it could be important to have
passphrase-protected keys; and since it's painless to use them with
ssh-agent... Also, generally, a policy for key aging/retirement
might be in order.

> If using a Cygwin port, can you do things with ssh-agent to have it up and
> running?  I've never used ssh-agent so don't know if it would serve this
> purpose or not.

Yes, that works as advertised with the SSH Version OpenSSH_2.3.0p1
package on Cygwin 1.1.7. The setup of OpenSSH on the client is
conveniently scripted (/usr/bin/ssh-config).

Great stuff, Cygwin: http://sources.redhat.com/cygwin/.

-- 
Michael Diers                                     mailto:address@hidden

Senior Developer / Solution Architect
elego software solutions GmbH                       http://www.elego.de/


_______________________________________________
Info-cvs mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/info-cvs

[Prev in Thread]

Current Thread

[Next in Thread]

(no subject), (continued)
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root <=
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13
- (no subject), root, 2001/08/13

Prev by Date: (no subject)
Next by Date: (no subject)
Previous by thread: (no subject)
Next by thread: (no subject)
Index(es):
- Date
- Thread