[cvsnt] SSH

philippe.legrain at scxmedical.se philippe.legrain at scxmedical.se
Wed Feb 4 08:36:49 GMT 2004


Hi,

I am setting up a cvs server using cvsnt in my company (two distant sites will be using it), and we basically have the same base requirements as you that is:
- server exposed on the internet
- the firewall forward connection through port 22 (ssh) from outside to the cvs server
- accounts for cvs access are set locally on the machine.
- we would like to use rsa key authentication

The setup works fine so far, the only problem we are experiencing is on the key authentication side.  We have set up the server with the free OpenSSHd server and there is one well known issue with this particular server on windows is that it doesnt actually record the submitters name into the repository but record SYSTEM instead. What can prove very annoying when it comes to source management.  This issue doesn't seem to happen with commercial implementation of sshd server, so you might consider buying one of those in order to have things running smoothly.

See http://www.cvsnt.org/pipermail/cvsnt/2001-December/000056.html for more

Philippe Legrain



-----Original Message-----
From: ELoy at riverdeep.net [mailto:ELoy at riverdeep.net]
Sent: den 4 februari 2004 09:24
To: grstarrett at cox.net; cvsnt at cvsnt.org
Subject: RE: [cvsnt] SSH


 It would most likely need to be exposed on the Internet.  I can have our IT
guys punch a hole in our firewall, but only if I can assure them (and
demonstrate) that the connection is secure.  External users would probably
have local accounts on the machine, and internal users would use domain
credentials.  SSH/SSL style encryption would be required, and forcing
authentication via an RSA style key would be even better.  We already have
HTTP servers exposed to the Internet, but the CVS server is behind another
firewall, so it would be nice if I could put SSH on one of the exposed
servers and forward the traffic to the CVS box (I read something about that
being possible...), but it's not a requirement.

-Erin

-----Original Message-----
From: Glen Starrett
To: cvsnt at cvsnt.org
Sent: 2/3/2004 9:00 PM
Subject: Re: [cvsnt] SSH

Erin Loy wrote:

>Hi All,
>
> >
>I'm fairly new to CVS, and could use some help on this one.   We need
to
>work collaboratively with contractors in India, and I need to get CVSNT
>working securely enough to expose a proprietary repository to them on
the
>Internet.  The documentation that I've used up to this point assumes a
lot
>about my knowledge of secure communications, and frankly I'm confused
at
>this point.  >
> >
>Where should I start?
>
>  >
Good question....  very vague and hard to answer though.  Are you on a intranet (private link / VPN) to India, over the Internet, is encryption

required (if you already are using a VPN then the communication is encrypted), etc.etc.

CVSNT supports a number of protocols, and most can be encrypted I believe.  You can tell the server to force encryption.  You can have source verification (e.g. SSH or SSL), there might be a way to do client

verification (would gserver help with that??).

I don't have the answers, but I could lead you to more questions...  :)

--------------------
Glen Starrett



_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list