[cvsnt] Problem in debian

Claudio Guzman cguzmana at gmail.com
Tue Feb 24 20:56:23 GMT 2009


My config is stored in /etc/cvsnt  files PServer and Plugin

edit  inetd.conf  adding line "cvspserver stream tcp nowait root /usr/bin/cvs"

key generated with:
   $openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
cacert.pem -days 3650


Pserver config:
Repository0=/usr/local/cvsroot
Repository0Name=/cvsroot
Repository0Description=Repositorio Rembox
Repository0Default=0
Repository0Publish=0
Repository0Online=0

EncryptionLevel=0
CompressionLevel=0

# CertificateFile  PEM certificate for use with sserver
# PrivateKeyFile   PEM certificate for use with sserver
CertificateFile=/etc/cvsnt/cert.pem
PrivateKeyFile=/etc/cvsnt/key.pem

LockServerLocal=0
ReadOnlyServer=1


Plugin config:
PserverProtocol=0               # Original pserver
SserverProtocol=0               # SSL encrypted pserver


telnet 190.21.50.231 2401
Trying 190.21.50.231...
telnet: Unable to connect to remote host: Connection refused
desarrollo:~# telnet 190.21.50.231 2402
Trying 190.21.50.231...
Connected to 190.21.50.231.
Escape character is '^]'.
CVSLock 2.2 Ready

##### LOG  ##########
cvs -t -d :sserver:demo:demo at 190.21.50.231:2402:$CVSROOT/demo login
16:45:48:   -> Tracelevel set to 1.  PID is 20884
16:45:48:   -> Session ID is 519449a44e6c6687
16:45:48:   -> Session time is Tue Feb 24 19:45:48 2009
16:45:48:   -> main loop with
CVSROOT=:sserver:demo:demo at 190.21.50.231:2402:/usr/local/cvs/demo
Logging in to :sserver:demo at 190.21.50.231:2402:/usr/local/cvs/demo
CVSLock 2.2 Ready
cvs [login aborted]: Connection to server failed

cvs -t -d :sserver:demo:demo at 190.21.50.231:2402:$CVSROOT login
16:46:00:   -> Tracelevel set to 1.  PID is 20902
16:46:00:   -> Session ID is 51a649a44e78d5f9
16:46:00:   -> Session time is Tue Feb 24 19:46:00 2009
16:46:00:   -> main loop with
CVSROOT=:sserver:demo:demo at 190.21.50.231:2402:/usr/local/cvs
Logging in to :sserver:demo at 190.21.50.231:2402:/usr/local/cvs
CVSLock 2.2 Ready
cvs [login aborted]: Connection to server failed

#########################################################
I need working with SSL


thx

Regards


2009/2/24 Jack, Cao Cu <user at domain.invalid>:
> Hi Claudio,
>
> Please check file "cvsnt" in /etc/xinet.d/cvsnt and "xinetd.conf" or
> "inetd.conf" on the server.
> Example :
> CVSNT file:
> -----------
> service cvspserver
>                {
>                socket_type = stream
>                wait = no
>                server = /usr/bin/cvsnt
>                server_args = --allow-root=/demo -f pserver
>                env = 'HOME=/demo'
>                log_type        = FILE /var/log/cvspserver
>                groups = yes
>                log_on_failure += USERID
>                flags = REUSE IPv6
>                mdns = no
>                disable = no
>                user = root
>                }
>
> NOTE : Note especially the "server" and "server_args". Wrong information
> here will result in "connection actively refused" when trying to
> authenticate. If you're using normal inetd, not xinetd, read the section
> following this.
>
> xinetd.conf or inetd.conf file :
> -------------
> cvspserver stream tcp nowait root /usr/bin/cvs
> cvs --allow-root=/demo authserver
>
>
> Check login : telnet 192.168.24.105 2401
>
> With pserver and sserver, the passwords are stored on the client side in a
> trivial encoding of the cleartext and in the pserver case transmitted in the
> same encoding. The encoding is done only to prevent inadvertent password
> compromises (i.e., a system administrator accidentally looking at the file),
> and will not prevent even a naive attacker from gaining the password. With
> Sserver, the client/server connection is encrypted using SSL, and the risk
> of the password being sniffed on the wire is very low.Do you have created a
> certificate for cvsnt?
>
>
> Claudio Guzman wrote:
>>
>> other question,  for cvs access to the user also has to take into
>> account the debian. and as if the protocol is running sserver?
>> Example:
>> Client:
>> $ cvs  -d :sserver:demo:demo at 192.168.24.105:/demo login
>> Logging in to :sserver:demo at 192.168.24.105:2401:/demo
>> connect to 192.168.24.105:2401 failed:
>>
>> Server log auth.log
>> Feb 23 16:06:04 desarrollo sshd[2898]: Failed password for invalid
>> user demo from 192.168.24.107 port 58961 ssh2
>>
>>
>>
>> 2009/2/21  <user at domain.invalid>:
>>>
>>> Hi Claudio,
>>>
>>> On Server:
>>> PServer and Plugin
>>>
>>> Vi  /etc/cvsnt/Plugins
>>>       #EnumProtocol=1                 # Remote enumeration (info -r)
>>>       #GserverProtocol=1              # GSSAPI
>>>       PserverProtocol=1               # Original pserver
>>>       SserverProtocol=1               # SSL encrypted pserver
>>>       #SspiProtocol=1         # SSPI (via Winbind, if configured)
>>>       #SyncProtocol=1                 # Server sync
>>>       #AuditTrigger=0                 # Audit events to database
>>>       #EmailTrigger=0                 # Send emails
>>>       #CheckoutTrigger=0              # Enable CVSROOT/shadow
>>>
>>>       -  Vi /etc/cvsnt/PServer and change:
>>>       #
>>>       AuditLogSessions=1      # All server connections/commands
>>>       #AuditLogCommits=0      # Log changes due to commits
>>>       #AuditLogDiffs=0        # Store diffs in commit log
>>>       #AuditLogTags=0         # Log tagging operations
>>>       AuditLogHistory=1       # Log cvs history
>>>       #
>>>       You will create a key PEM
>>>       CertificateFile=/etc/cvsnt/cert.pem
>>>       PrivateKeyFile=/etc/cvsnt/key.pem
>>>       And change :
>>>       #CertificatesOnly=0
>>>               Repository0=/home/database
>>>               Repository0Name=/database >> Repository0Name=/database
>>> On Client :
>>> You install cvsnt and cvsnt-protocol-sserver on CVS Client.
>>>
>>> Claudio Guzman wrote:
>>>>
>>>> please PServer settings and Plugin, I can not make the client connects
>>>> to the server remotely by :sserver:
>>>>
>>>> Thanks.
>>>
>>> _______________________________________________
>>> cvsnt mailing list
>>> cvsnt at cvsnt.org
>>> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>>>
>>> Upgrade to CVS Suite for more features and support:
>>> http://march-hare.com/cvsnt/
>>>
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>
> Upgrade to CVS Suite for more features and support:
> http://march-hare.com/cvsnt/
>


More information about the cvsnt mailing list