info-cvs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSH configuration


From: Mark D. Baushke
Subject: Re: SSH configuration
Date: Tue, 16 Nov 2004 11:56:25 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jsWalter <address@hidden> writes:

> > Paola Attadio writes:
> >>
> >> Is possible use SSH with cvs users ($CVSROOT/CVSROOT/passwd)?
> 
> > Larry Gave us:
> >
> > No.
> 
> No?

Correct.

> No on ($CVSROOT/CVSROOT/passwd)?

$CVSROOT/CVSROOT/passwd only applies with :pserver: access mode.

> 
> Or no CVS with SSH?

CVS with :ext: and a CVS_RSH=ssh environment variable uses ssh as
transport which uses the native host login method.

CVS with :pserver: uses $CVSROOT/CVSROOT/passwd (or, optionally there is
a way to configure 1.12.x to use PAM instead)

> I have CVS running with SSH on my Linux machines, and my Windows boxes.
> 
> Now, the password is not automatic. Well, with the CVSNT (GUI) binary I
> can set auto-password (0n my windows)...
> 
>    :ssh;pass=[mypass]:address@hidden:/cvs

:ssh: is a CVSNT extension.

Use of pass=[mypass] is a security hole (in my opinion) as it exposes
the password via the environment too easily on multi-user machines.

Even for CVSNT, it is much better to use Putty and have 'Putty Agent'
hold your credentials to pass to the remote agent (or use 'ssh' and
'ssh-agent' if you are on a UNIX box).

> But this does not work with the cvshome cvs binary (command line), so it
> asks me for my password each time.

Assuming you are using putty and pagent, you should be able to teach
pagent your pass phrase and have it deal with the connection to the
server using public key rather than login passwords.

> In fact, the cvshome will not take :ssh:, I have to use :ext:.

Correct.

> I haven't taken the time yet to figure out how to get :ssh: to work (yet).

The CVS from cvshome does not support :ssh: and probably will not any
time soon.

It is possible that :ext: may some day be extended to allow the transport
to be encoded as an option much as the :pserver;proxyport=<number>: may
be encoded today in the cvs 1.12.x (feature) branch of cvs.

        -- Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQFBmltp3x41pRYZE/gRApcGAKDGWJqemG6p2YXfqSWAYFLuHfdMDACggDQg
8VlUiERf/VrHgZrW+sRQKV8=
=A+Ep
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]