Re: cvs security - ssh vs pserver?

To: debian-user@lists.debian.org
Cc: Dave Sherohman <esper@sherohman.org>, "Eric G. Miller" <egm2@jps.net>
Subject: Re: cvs security - ssh vs pserver?
From: dman <dsh8290@rit.edu>
Date: Thu, 29 Nov 2001 11:38:24 -0500
Message-id: <[🔎] 20011129113824.A12743@harmony.cs.rit.edu>
Mail-followup-to: debian-user@lists.debian.org, Dave Sherohman <esper@sherohman.org>, "Eric G. Miller" <egm2@jps.net>
In-reply-to: <[🔎] 20011129094717.B26725@sherohman.org>; from esper@sherohman.org on Thu, Nov 29, 2001 at 09:47:17AM -0600
References: <[🔎] 20011127015150.A3681@dirac.org> <[🔎] 20011127101421.A6350@bmrb.wisc.edu> <[🔎] 20011127194123.4ea8f109.egm2@jps.net> <[🔎] 20011128115851.C24003@fishbowl.madduck.net> <[🔎] 20011128104402.B8135@bmrb.wisc.edu> <[🔎] 20011129040953.B26177@fishbowl.madduck.net> <[🔎] 20011129094717.B26725@sherohman.org>

On Thu, Nov 29, 2001 at 09:47:17AM -0600, Dave Sherohman wrote:
| On Thu, Nov 29, 2001 at 04:09:53AM +0100, martin f krafft wrote:
 
| > > Yes, and you also have one to one key->user map, so the setup is not
| > > anonymous. Which may not be a good thing.
| > 
| > so then give me a way to figure out which identity logged in to ssh if
| > they all log in as one user?
| 
| You don't need to.  That's sort of the point of anonymous access.

What is insecure about pserver, if you have anonymous access?  For
example, the gnome.org cvs server has a username "anonymous" with the
password "".  So what if the (empty) password is sent cleartext, and
so what if the source is too -- it's meant for anonymous access.

I think the original poster needs to step back and re-evaluate the
goals and requirements of his setup to determine which approach will
be best suited for his needs.

-D

-- 

"...In the UNIX world, people tend to interpret `non-technical user' as
meaning someone who's only ever written one device driver."
    --Daniel Pead

Reply to:

Follow-Ups:
- Re: cvs security - ssh vs pserver?
  - From: Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>

References:
- cvs security - ssh vs pserver?
  - From: Peter Jay Salzman <p@dirac.org>
- Re: cvs security - ssh vs pserver?
  - From: Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>
- Re: cvs security - ssh vs pserver?
  - From: "Eric G. Miller" <egm2@jps.net>
- Re: cvs security - ssh vs pserver?
  - From: martin f krafft <madduck@madduck.net>
- Re: cvs security - ssh vs pserver?
  - From: Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>
- Re: cvs security - ssh vs pserver?
  - From: martin f krafft <madduck@madduck.net>
- Re: cvs security - ssh vs pserver?
  - From: Dave Sherohman <esper@sherohman.org>

Prev by Date: Re: setting emacs default web browser
Next by Date: Re: AVI/MPG player
Previous by thread: Re: cvs security - ssh vs pserver?
Next by thread: Re: cvs security - ssh vs pserver?
Index(es):
- Date
- Thread