[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Newbie question re: ssh
|
From: |
Greg A. Woods |
|
Subject: |
Re: Newbie question re: ssh |
|
Date: |
Tue, 19 Nov 2002 14:00:33 -0500 (EST) |
[ On Tuesday, November 19, 2002 at 08:25:45 (-0500), Robert Koster wrote: ]
> Subject: Re: Newbie question re: ssh
>
> So, one of the "pros" of this approach is that it is more secure than
> the :pserver method, because the passwords are being transmitted over
> ssh?
The password encapsulation and obfuscation is really only a small part
of the whole transport layer security issue. TCP is not secure (in any
meaning of that word), at least not alone over plain old IPv4.
Even the transport security is only a small part of the whole CVS
security issue. CVS is not designed or implemented to be a security
tool -- it's at the level of /bin/ed in security terms, not /bin/login.
With CVSpserver there's lots of opportunity for one user to spoof
another -- i.e. there's _NO_ accountability in pserver.
> One of the "cons" is that the password will need to be entered
> frequently?
SSH can be configured to use any of many forms of authentication.
There's no fundamental need to ever type passwords to it when it's used
as a remote job execution facility for CVS.
--
Greg A. Woods
+1 416 218-0098; <address@hidden>; <address@hidden>
Planix, Inc. <address@hidden>; VE3TCP; Secrets of the Weird <address@hidden>