Re: CVS Server on SSL?

To: hanasaki <hanasaki@hanaden.com>
Cc: debian-user@lists.debian.org
Subject: Re: CVS Server on SSL?
From: Ben Collins <bcollins@debian.org>
Date: Mon, 11 Mar 2002 11:19:33 -0500
Message-id: <[🔎] 20020311161933.GC500@blimpo.internal.net>
In-reply-to: <[🔎] 3C8CD1B1.1060904@hanaden.com>
References: <[🔎] 3C8CD1B1.1060904@hanaden.com>

On Mon, Mar 11, 2002 at 09:48:01AM -0600, hanasaki wrote:
> I have heard that pserver is not secure.  Is this due to plaintext 
> passwd on the net or exploits?  How can it be secured?  How can the 
> client and server be configured to run over SSL (Win and Lin)?

It is because of plain text passwords. Anonymous CVS over pserver is
perfectly fine though (unless of course the contents of your repo need
to be secured against plain text transmission aswell).

I strongly suggest using CVS over SSH. It's easy to setup. Just make
sure the server that your CVS repo is on has sshd installed. Then on the
client do:

export CVS_RSH=ssh

cvs -d :ext:<username>@cvs.server.com:/repo co myproj

Then, you can work as you normally would, had you used pserver. If you
want to avoid having to type your SSH passphrase for every access to the
server, then I suggest using ssh-agent.

-- 
 .----------=======-=-======-=========-----------=====------------=-=-----.
/       Ben Collins    --    Debian GNU/Linux    --    WatchGuard.com      \
`          bcollins@debian.org   --   Ben.Collins@watchguard.com           '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

Follow-Ups:
- Re: CVS Server on SSL?
  - From: hanasaki <hanasaki@hanaden.com>
- Re: CVS Server on SSL?
  - From: Craig Dickson <crdic@yahoo.com>

References:
- CVS Server on SSL?
  - From: hanasaki <hanasaki@hanaden.com>

Prev by Date: kernel compile problem -- unresolved symbols
Next by Date: RE: "dpkg -l" redirection
Previous by thread: CVS Server on SSL?
Next by thread: Re: CVS Server on SSL?
Index(es):
- Date
- Thread