[cvsnt] Re: Setting up cvsnt server on Windows XP

David Somers dsomers at omz13.com
Fri Jul 14 23:45:39 BST 2006


Nicholas Duane wrote:
My initial thinking is
> that I would like to authenticate via keys or certificates (not an expert
> on
> authentication).  From the reading that I've done it sounds like there is
> some sort of authentication using keys.  It was unclear to me how to set
> this up.  Maybe because I'm not that familiar with unix and its utilities
> (like ssh, putty, etc.).

The sserver protocol is basically pserver over a ssl-secured link... if you
really want to you can authenticate using client certificates. If you
aren't familiar with setting up a CA and issuing and distributing client
certs, its not an easy thing to do but it can be done... just use ssl for
encryption and use the usual user/password stuff for authentication (and
only do ssl client authentication if you really need to have that extra
authentication layer applied).

> Also, it sounded like I would have to add the 
> users to a passwd file and include their host names.  I'm hoping this is
> not
> the case as I don't want to have to add their host name.  I'm hoping they
> should be able to connect from any machine as long as they have their
> key/certificate installed on that machine.

Linking password and host names isn't done.

> I don't know much, really nothing, about ssh.  But it would be nice to be
> able to encrypt the data so that in the case where the data is traveling
> over the internet we're somewhat secure.  What do I need to enable this? 

Use the sserver or sspi protocols.

> I read somewhere that :ssh: is a protocol that's include with the cvsnt
> client
> which is provided by a built-in putty client (or something like that).  If
> so, do I need anything else on the client?  What do I need on the server?
> OpenSsh?

Forget about ssh.
Really, just forget it (unless you need to support it because you have unix
clients running vanilla cvs and need to do things over a sercure link).
Stick sserver or sspi.
Actually, get things working first with pserver, then move over to sserver
or sspi.

-- 
David Somers
typographer/programmer/whatever



More information about the cvsnt mailing list