Re: CVS Server on SSL?

[Dimitri Maziuk <dmaziuk@yola.bmrb.wisc.edu>]

* Craig Dickson (crdic@yahoo.com) spake thusly:
> begin  Ben Collins  quotation:
> 
> > I strongly suggest using CVS over SSH. It's easy to setup. Just make
> > sure the server that your CVS repo is on has sshd installed. Then on the
> > client do:
> > 
> > export CVS_RSH=ssh
> > 
> > cvs -d :ext:<username>@cvs.server.com:/repo co myproj
> 
> Yes, I use cvs with ssh this way. Works fine.
> 
> > Then, you can work as you normally would, had you used pserver. If you
> > want to avoid having to type your SSH passphrase for every access to the
> > server, then I suggest using ssh-agent.
> 
> How is ssh-agent different from just running ssh-keygen to create a
> key pair with an empty passphrase and putting the public key into
> ~/.ssh./authorized_keys on the cvs machine?

If you're creating a dedicated user for CVS access, run CVS updates
form a cron job etc., it's easier to use empty passphrase. If you're
setting it up for your regular account and interactive use, you'd
protect your keys with a passphrase anyway.

If you use ssh-agent with non-login accounts/cron, you'll have to
leave it running all the time. It will keep [unencrypted] keys in
memory, available more or less to anyone who can access the machine.
So it's no more secure than storing keys unencrypted.

Dima
-- 
Backwards compatibility is either a pun or an oxymoron.                  -- PGN