[cvsnt] SSH

Aditya Gandhi agandhi at sapient.com
Wed Feb 4 08:23:04 GMT 2004


Just a thought on that.... 
Keeping up with the latest use SSH2 which claims to have made
significant improvements over SSH1 and maybe DSA rather than RSA.
Regards

- Aditya Gandhi

  -----Original Message-----
  From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On
Behalf
  Of Erin Loy
  Sent: Wednesday, February 04, 2004 1:46 PM
  To: 'Glen Starrett '; 'cvsnt at cvsnt.org '
  Subject: RE: [cvsnt] SSH
  
   It would most likely need to be exposed on the Internet.  I can have
our
  IT
  guys punch a hole in our firewall, but only if I can assure them (and
  demonstrate) that the connection is secure.  External users would
probably
  have local accounts on the machine, and internal users would use
domain
  credentials.  SSH/SSL style encryption would be required, and forcing
  authentication via an RSA style key would be even better.  We already
have
  HTTP servers exposed to the Internet, but the CVS server is behind
another
  firewall, so it would be nice if I could put SSH on one of the exposed
  servers and forward the traffic to the CVS box (I read something about
  that
  being possible...), but it's not a requirement.
  
  -Erin
  
  -----Original Message-----
  From: Glen Starrett
  To: cvsnt at cvsnt.org
  Sent: 2/3/2004 9:00 PM
  Subject: Re: [cvsnt] SSH
  
  Erin Loy wrote:
  
  >Hi All,
  >
  >
  >
  >I'm fairly new to CVS, and could use some help on this one.   We need
  to
  >work collaboratively with contractors in India, and I need to get
CVSNT
  >working securely enough to expose a proprietary repository to them on
  the
  >Internet.  The documentation that I've used up to this point assumes
a
  lot
  >about my knowledge of secure communications, and frankly I'm confused
  at
  >this point.
  >
  >
  >
  >Where should I start?
  >
  >
  >
  Good question....  very vague and hard to answer though.  Are you on a
  intranet (private link / VPN) to India, over the Internet, is
encryption
  
  required (if you already are using a VPN then the communication is
  encrypted), etc.etc.
  
  CVSNT supports a number of protocols, and most can be encrypted I
  believe.  You can tell the server to force encryption.  You can have
  source verification (e.g. SSH or SSL), there might be a way to do
client
  
  verification (would gserver help with that??).
  
  I don't have the answers, but I could lead you to more questions...
:)
  
  --------------------
  Glen Starrett
  
  
  
  _______________________________________________
  cvsnt mailing list
  cvsnt at cvsnt.org
  http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
  _______________________________________________
  cvsnt mailing list
  cvsnt at cvsnt.org
  http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list