[cvsnt] Re: Problems of CVSNT with SSH 2 using public key authentication

[Tony Hoyle]

On Wed, 30 Oct 2002 11:30:14 +0800, Lijen Lin wrote:

> Hi,
> 
> For security issue, I'm using the latest CVSNT version (1.11.1.3-57j)
> and NetworkSimplicity's OpenSSH for windows to config my environment. My
> config is to use passwordless ssh2 (:ext portocol) to talk to my CVSNT
> server. So far, there is no problem with CVS checkout, but when I wanted
> to commit some modified files in my sandbox back into the CVSNT server,
> I got the error message saying:
> 
> cvs server: user 'SYSTEM' is not a valid editor of the file '<my file
> name>'
> 
> Thanks for any feedback response to help solving my problem!

You have used 'edit -c' on one of the files when not using ssh, then tried
to commit using ssh.  Do a 'commit -c' from a valid editor of the file
*not* using ssh.

It looks like openssh for windows has the same bug as cygwin ssh - it
can't change UID so it always looks like it's running as SYSTEM
(presumably it sets up the impersonation tokens, you'd have to ask the
openssh author that though).  It's not known whether this is solvable - it
looks like a restriction built into NT.

In this environment the various 'reserved' (-c) checkout switches cannot
work. Also you will be unable to track the users who modified files which
makes the history logs much less useful.

ssh is not a good environment to use with cvsnt.  If you really need ssh
you'd be better off with a Unix machine.  cvsnt has its own secure
protocols - sspi for Windows-only connectioons and gserver if you have an
Active Directory and need to share connections with Unix clients.

Tony