AW: [cvsnt] Re: Newbie question on CVSNT and SSH

Oliver Giesen ogware at gmx.net
Tue May 4 14:00:52 BST 2004 

firefox wrote:
> I'm still using SSPI to connect to the server in our LAN, but how can i
> connect to the server from a remote client?
> The CVS server is behind a firewall - how get the remote client access to
> the server? What protocol can be used instead of SSH?

You can still use SSPI in that setup as long as either the client is 
also on Windows or if you could do without strong encryption. I'm not 
familiar with the specifics of this setup myself however. Bo posted 
something a short while ago IIRC. There even might be something buried 
in the Wiki somewhere...

Talking of which I just found the post from Bo I remembered (or at least 
one of them, I think he explained this more than once already):

"
-------- Original Message --------
Subject: RE: [cvsnt] SSPI Protocol security
Date: Fri, 7 Mar 2003 13:32:05 +0100
From: Bo Berglund <Bo.Berglund at system3r.se>
Organization: cvsnt.org news server
To: <cvsnt at cvsnt.org>
Newsgroups: support.cvsnt

Concerning "best practices" over Internet:
1) Set up your server to *only* allow SSPI and other secure protocols 
(like SSH)
    (Disable pserver by erasing the pserver_protocol.dll from the server)
2) Open the firewall port 2401 and aim it towards your internal CVSNT 
server.
3) On the client side set your sspi as follows
    :sspi:user at server:/repository
    (server must be the firewall IP address in this case)
    Also make sure to check the encryption flag in WinCvs (button to the 
right
    of the protocols selection combo).
4) You must start on the client by doing a cvs login and enter the system
    password for the user. It will be sent encrypted and is also stored 
in your
    client PC in a fairly secure way for reuse on later cvs operations.
5) Now you can operate on this CVSNT server via the Internet as usual.

I have done this myself and it works pretty well, actually the 
combination of
encryption and compression makes it usable even on a dialup link to the
Internet provider.

/Bo
"

Hope this helps.

-- 
Oliver
----	------------------
JID:	ogiesen at jabber.org
ICQ:	18777742	(http://wwp.icq.com/18777742)

More information about the cvsnt mailing list