info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: security question


From: Neis, Mark
Subject: RE: security question
Date: Thu, 12 Dec 2002 18:03:49 +0100

Phil R Lawrence wrote:

>How can I have SSH *and* locked down projects *and* locked down CVSROOT
dir?
>Security is very important.

I had actually planned to make CVS available via the web to some people,
so I tried to find a secure way of doing so. Instead of using pserver, I
followed
the instructions by Pascal Burguignon[1] and installed a chrooted,
statically
linked CVS server. As every project's CVSROOT gets its own chroot jail and
access is handled by ssh PubKeyAuthentication this should be pretty secure. 

Using the scripts P. Brurguignon provides, a CVS server can be set up pretty
quick, at least if you're using Linux. I gave up on Solaris because I was
not able
to statically link CVS (Sun does provide at least one library, iirc -lxnet,
only as .so).

Someone with more time and more experience in setting up chroots might have
managed it anyway by linking this one library dynamically and putting it
into the
chroot (Btw, if someone did, I'd be grateful for any hints and tipps).


>PS - are there any windows and linux clients that particularly shine 
>with SSH?

Newer versions of WinCVS _work_ with SSH (and the setup described above)
but I wouldn't quite call it "shining". I use it with pageant (from the
putty packet)
for PubKeyAuthentication.


HTH,
Mark Neis

[1] http://informatimago.free.fr/i/linux/chrooted-ssh-cvs.en.html




reply via email to

[Prev in Thread] Current Thread [Next in Thread]