Re: CVS Server on SSL?
* Craig Dickson (crdic@yahoo.com) spake thusly:
> begin Ben Collins quotation:
>
> > I strongly suggest using CVS over SSH. It's easy to setup. Just make
> > sure the server that your CVS repo is on has sshd installed. Then on the
> > client do:
> >
> > export CVS_RSH=ssh
> >
> > cvs -d :ext:<username>@cvs.server.com:/repo co myproj
>
> Yes, I use cvs with ssh this way. Works fine.
>
> > Then, you can work as you normally would, had you used pserver. If you
> > want to avoid having to type your SSH passphrase for every access to the
> > server, then I suggest using ssh-agent.
>
> How is ssh-agent different from just running ssh-keygen to create a
> key pair with an empty passphrase and putting the public key into
> ~/.ssh./authorized_keys on the cvs machine?
If you're creating a dedicated user for CVS access, run CVS updates
form a cron job etc., it's easier to use empty passphrase. If you're
setting it up for your regular account and interactive use, you'd
protect your keys with a passphrase anyway.
If you use ssh-agent with non-login accounts/cron, you'll have to
leave it running all the time. It will keep [unencrypted] keys in
memory, available more or less to anyone who can access the machine.
So it's no more secure than storing keys unencrypted.
Dima
--
Backwards compatibility is either a pun or an oxymoron. -- PGN
Reply to: