Install the CVS server: apt-get install cvs. This will install CVS, the daemon gets started with inetd and the CVS root is by default /var/lib/cvs. By default you can connect to your CVS server via pserver, but you shouldn't use pserver when you set up a public CVS server, as the password gets not encrypted when you log on. I want to create a SSH tunnel to connect the CVS server:
Linux:
Basics: create a CVS user, lets call him cvsuser (quite creative, eh?). Create the file ~/.profile and add this text:
export CVS_RSH=ssh
prepare the SSH-keyfile, create the empty file ~/.ssh/authorized_keys2
Windows:
I use eclipse a my IDE, choose this menu [Window / Preferences / Team / CVS / SSH2 Connection / Key Management] and create the SSH keypair. Paste the public key into the ~/.ssh/authorized_keys2 file and copy the private key to a safe place.
NOTE: I wasn't able to use puttygen generated SSH keys with eclipse, I think this is because putty uses a special private key format eclipse can't use.
Linux:
Restrict shell access:
I don't want that my CVS user can use my server to tunnel connections or use a shell and browse on the server, so I added some basic security features:
Create a file /bin/cvssh, chmod 755 it and add this content:
#!/bin/bash
if [ "$2" != "cvs server" ]; then
echo "Access Denied"
exit 1
fi
cvs server
exit
Edit the file /etc/passwd and change the shell of the cvsuser (usually /bin/bash) to /bin/cvssh. Thanks to novell for this info.
Restrict SSH tunneling:
Edit the file ~/.ssh/authorized_keys2 and add the option no-port-forwarding in front of the public key.
No comments:
Post a Comment