Re: cvs security - ssh vs pserver?

To: Peter Jay Salzman <p@dirac.org>
Cc: Debian user mailing list <debian-user@lists.debian.org>
Subject: Re: cvs security - ssh vs pserver?
From: Joey Hess <joey@kitenet.net>
Date: Tue, 27 Nov 2001 13:00:13 -0500
Message-id: <[🔎] 20011127130013.A2999@kitenet.net>
Mail-followup-to: Peter Jay Salzman <p@dirac.org>, Debian user mailing list <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20011127015150.A3681@dirac.org>
References: <[🔎] 20011127015150.A3681@dirac.org>

Peter Jay Salzman wrote:
> i just found out that using method 2, you can't assign a shell of /bin/false.
> cvs won't work.   so option 2 also means "giving a shell account on my
> machine".

Read http://kitenet.net/programs/sshcvs

> any thoughts?  is pserver really as insecure as dpkg claims in the
> configuration of the package?

It uses plain-text passwords, which is pretty insecure, yes.

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: cvs security - ssh vs pserver?
  - From: Peter Jay Salzman <p@dirac.org>

References:
- cvs security - ssh vs pserver?
  - From: Peter Jay Salzman <p@dirac.org>

Prev by Date: Click of Death or RE: Second dead drive(?) or is it(?)
Next by Date: Re: cvs and security
Previous by thread: Re: cvs security - ssh vs pserver?
Next by thread: Re: cvs security - ssh vs pserver?
Index(es):
- Date
- Thread