Re: cvs security - ssh vs pserver?
* Peter Jay Salzman (p@dirac.org) spake thusly:
> i'd like to make some code available to collaborators via cvs. it appears
> that i have a choice to make:
>
> 1. use pserver
>
> 2. use "ext" (ssh)
>
> i just found out that using method 2, you can't assign a shell of /bin/false.
> cvs won't work. so option 2 also means "giving a shell account on my
> machine".
>
> both these options seem insecure. i have to admit, i'm really not crazy
> about giving out shell accounts.
>
> any thoughts? is pserver really as insecure as dpkg claims in the
> configuration of the package?
Yes, pserver sends everything in the clear and all that.
Edit /etc/shadow and set your cvsuser's password to NP
(or whatever Debian uses to disable logins). Let your
users download the *private* key of cvsuser. Set up cvsuser
account so that ssh logins can only run cvs.
E-mail me if you want details.
Dima
--
Well, lusers are technically human. -- Red Drag Diva
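
One way to restrict an account's ssh logins to cvs, as an added example that is not part of the original message: an OpenSSH forced-command wrapper that accepts only the exact command the CVS client sends over :ext:. The script name, its install path and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a CVS-only ssh account.
# Assumed install path (hypothetical): /usr/local/bin/cvs-only
#
# Assumed entry in ~cvsuser/.ssh/authorized_keys (one line, key is a placeholder):
#   command="/usr/local/bin/cvs-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> collaborator
#
# With command="...", sshd runs this script for every login with that key and
# passes whatever the client asked to run in SSH_ORIGINAL_COMMAND. The account
# still needs a real login shell, because sshd starts the script through it.

# Return 0 only for the exact command a CVS client sends over :ext:.
# Anything else (empty = interactive login, extra arguments, other
# programs) is refused.
cvs_only_check() {
    case "$1" in
        "cvs server") return 0 ;;
        *)            return 1 ;;
    esac
}

cvs_only_main() {
    if cvs_only_check "${SSH_ORIGINAL_COMMAND:-}"; then
        # Run a fixed command line; the client's string is never evaluated.
        exec cvs server
    fi
    # Leave a trace of refused requests in the auth log for review.
    logger -t cvs-only -p auth.notice \
        "rejected command from ${SSH_CLIENT:-unknown}: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "This account only permits CVS access." >&2
    return 1
}

# Act only when invoked under the installed name, so the functions above
# can be sourced and tested without side effects.
case "${0##*/}" in
    cvs-only) cvs_only_main; exit $? ;;
esac
```

Refused requests appear in the system auth log under the tag cvs-only, which gives a simple signal for anyone trying the key for something other than CVS.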