[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: remote cvs access - recommendations
|
From: |
p |
|
Subject: |
Re: remote cvs access - recommendations |
|
Date: |
Wed, 8 Oct 2003 10:59:37 -0700 |
|
User-agent: |
Mutt/1.5.4i |
first, thanks everyone who answered my question.
second, this works like a charm. and i learned a WHOLE LOT in the
process.
On Tue 07 Oct 03, 9:38 AM, address@hidden <address@hidden> said:
>
> On Tue, 7 Oct 2003 address@hidden wrote:
>
> > hi all,
> >
> > i've read about remote cvs access, and there are a LOT of options: ssh,
> > rsh, kerberos, pserver, and more.
> >
> > my needs are simple. i'm writing a latex book with just one other
> > person. the repository is sitting on a debian gnu/linux machine that i
> > have root access to.
> >
> > can someone suggest an access method suitable for my needs?
> >
> > i don't need anything fancy, scalable or even efficient, since there's
> > just one other co-author and we're dealing mainly in text with a few
> > image files. it just needs to be secure, easy to set up and easy to
> > use.
>
>
> Unfortunately, secure and easy to setup often do not mix.
>
> Your two choices for secure that I am aware of are Kerberos and SSH.
> Unless you already have a Kerberos infrastructure in place, you don't want
> to go there. A W2K domain does count, but I've never seen any discussion
> about how to make CVS Kerberos play in that environment.
>
> Before a good answer to your inquiry can be provided, we need to know
> the platforms you and the other CVS user are using. You say the repository
> is on Debian Linux. What platforms will you and the other person be
> accessing the repository from? For the purposes of this reply, I'll
> assume Linux all around. If Windows is in the picture, what I will be
> suggesting will still play fine.
>
> I am doing exactly what you want with another developer with my repository.
> The repository is accessed securely using SSH. The biggest hurdle to
> setting up remote access to such a repository is configuring SSH. You
> have to decide and configure what authentication methods you want to allow,
> then possibly generate certificates. To satisfy your convenience of use
> criteria, I suggest use of RSA public key certificates. They are very
> secure, and can be set up so you only have to enter a password once.
or zero times if i don't encrypt id_rsa or id_dsa... :-)
works like a charm, so i'm very happy. thank you! but i am curious
about one more thing.
this ssh method requires that my co-developer has an account on the
system containing the repository. i don't mind that, since he's a
friend.
but in general, someone who accesses cvs this way has system access.
not only can my co-developer do things like "cvs checkout" and "cvs
commit", but he can also ssh into the machine and work at a remote
shell.
is there a way to give co-developers access to cvs WITHOUT giving them
system level access?
i assume changing the shell to /bin/false in /etc/passwd will break
remote cvs access (correct me if that's wrong).
thanks guys!
pete
--
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D