Eivind: I am trying to follow the instructions posted at http://www.prima.eu.org/tobez/cvs-howto.html to set up a CVS pserver tunnelled over SSH.
My server is Linux, so I adapted the server configuration from the instructions. I am attaching the commands that I executed in case you need them as a reference. I am using a Windows 2000 machine as a client. It has the cygwin package with perl, regex, cvs, and ssh installed on it. To test the configuration, I went to a DOS prompt, changed the directory to C:\cygwin\bin, and executed this command: ssh [EMAIL PROTECTED] -L 2401:dev.jammconsulting.com:2410 open I got these messages: Could not create directory '/home/Neil Aggarwal/.ssh'. The authenticity of host 'dev.jammconsulting.com (204.130.252.205)' can't be established. RSA key fingerprint is 77:12:5a:f6:36:c3:40:e7:e8:cc:69:f4:31:7b:f9:13. Are you sure you want to continue connecting (yes/no)? yes Failed to add the host to the list of known hosts (/home/Neil Aggarwal/.ssh/known_hosts). /tmp/filexbkPbz I checked on the server and there is this file in /tmp prw------- 1 cvs cvs 0 Jan 31 23:33 filexbkPbz I then loaded another DOS prompt, changed the directory to c:\cygwin\bin, and executed: cvs -d :pserver:neil@localhost:/testproject login I got this message: (Logging in to neil@localhost) CVS password: When I typed in the password, I get this message: cvs [login aborted]: recv() from server localhost: Connection reset by peer Can you offer any help? Thanks, Neil. -- Neil Aggarwal JAMM Consulting, Inc. (972) 612-6056, http://www.JAMMConsulting.com Custom Internet Development Websites, Ecommerce, Java, databases
For this discussion, the project name is testproject /usr/sbin/useradd cvs mkdir -p /home/cvs/cvsroot chown cvs.cvs /home/cvs/cvsroot chmod 700 /home/cvs/cvsroot cd /home/cvs/cvsroot mkdir bin dev etc tmp chown cvs.cvs bin dev etc tmp chmod 555 bin dev etc cvs -d /home/cvs/cvsroot/testproject init chown -R cvs.cvs testproject cd dev mknod null c 1 3 chown 0.0 null chmod 666 null cd /usr/local lynx http://ftp.cvshome.org/cvs-1.11.1/cvs-1.11.1p1.tar.gz tar zxvf cvs-1.11.1p1.tar.gz cd cvs-1.11.1p1 ./configure --disable-client cd src vi Makefile and add -Xlinker -static to the LDFLAGS line (NOT the cvs_LDFLAGS line) cd .. make cp src/cvs /home/cvs/cvsroot/bin cd /home/cvs/cvsroot chown cvs.cvs bin/cvs chmod 500 bin/cvs cd testproject/CVSROOT vi passwd Add a line of the form: login:encryptedpassword:cvs for each user where encryptedpassword is copied out of /etc/shadow vi writers Add the line of the form: login for every developer who will have the write access to the project. chown cvs.cvs passwd chown cvs.cvs writers cd /tmp vi run-cvs.c and add this content: #include <stdlib.h> #include <unistd.h> /* change these values to suit your setup */ #define BASE "/home/cvs/cvsroot" #define OWNER_UID 513 /* Set this to the first number in the result of grep cvs /etc/passwd */ #define OWNER_GID 513 /* Set this to the first number in the result of grep cvs /etc/group */ int main(int argc, char *argv[]) { int res; res = chdir(BASE); if ( res ) exit(1); res = chroot(BASE); if ( res ) exit(2); res = setgid(OWNER_GID); if ( res ) exit(3); res = setuid(OWNER_UID); if ( res ) exit(4); /* there should be --allow-root string for every repository you are going to allow access to */ execl("/bin/cvs", "cvs", "--allow-root=/testproject", "pserver", NULL); exit(3); } gcc -o run-cvs run-cvs.c mkdir /home/cvs/sbin cp run-cvs /home/cvs/sbin vi /etc/services and add this line: cvssshpserver 2410/tcp # CVS over SSH pserver vi /etc/xinetd.d/cvssshpserver and add these lines: service cvssshpserver { socket_type = stream protocol = tcp user = root server = /home/cvs/sbin/run-cvs server_args = run-cvs type = UNLISTED wait = no } unset HOME /etc/init.d/xinetd restart cd /tmp vi zzh.c and add this content: /* * zzh.c * * Shell for the "SSH Sleeping Beauty" user. * * (c) 1999, Tim Hemel <[EMAIL PROTECTED]> * * $Id: zzh.c,v 1.1 1999/02/19 14:57:46 tim Exp $ */ #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/time.h> #include <sys/stat.h> #include <unistd.h> #include <fcntl.h> #include <signal.h> /* Timeout in seconds */ const int ZZZ = 10*60; #define MAX_CMD_LEN 255 char cmd[MAX_CMD_LEN+1]; /* simple commandline parsing */ void parse_opt(int argc, char *argv[]) { int i,done; done = 0; for (i=0; (i<argc-1) && !done ; i++) { if (!strcmp(argv[i],"-c")) { strncpy(cmd,argv[i+1],MAX_CMD_LEN); cmd[MAX_CMD_LEN] = '\0'; done = 1; } } } int main ( int argc, char* argv[] ) { int i; char *fn; int fd; fd_set fs; struct timeval to; struct stat sb; signal( SIGPIPE, SIG_IGN); /* set cmd to "" */ cmd[0]='\0'; parse_opt(argc, argv); /* if no command string, exit */ if (!strcmp(cmd,"")) exit(0); /* check what the command is */ if (!strcmp(cmd,"open")) { /* create a temporary filename, which will be used as a magic word */ fn = tmpnam(0); fprintf(stdout,"%s\n",fn); fflush(stdout); /* fprintf(stderr,"#%s\n",fn); */ /* create a named pipe with this name */ if (!mkfifo(fn, 0600)) { if ((fd = open(fn,O_RDONLY)) >0 ) { /* set up a file descriptor set for select() */ FD_ZERO(&fs); FD_SET(fd,&fs); /* set the ZZZ second timeout */ to.tv_sec = ZZZ; /* wait for input and do nothing with it */ if (select(fd+1, &fs, 0, 0, &to)>0) { /* lseek(fd,0,SEEK_END); /* not necessary */ } } /* remove the temporary file */ unlink(fn); } } else /* cmd != "" && cmd != "open" */ { /* see if a file named cmd exists and is a named pipe */ if (!stat(cmd,&sb)) { if(sb.st_mode & S_IFIFO) { /* write to it */ fd = open(cmd,O_WRONLY); if (fd > 0) { write(fd, "wake up", 1); } } } else { perror("stat"); } } /* return 0; */ exit(0); } gcc -o zzh zzh.c This will report this message, ignore it: the use of `tmpnam' is dangerous, better use `mkstemp' mkdir /home/cvs/bin cp zzh /home/cvs/bin vipw Navigate to the line starting with cvs and change the /bin/bash to /home/cvs/bin/zzh Hit ZZ to exit. Answer y to editing the shadow file and remove the !! symbols between the first two colons. vi /etc/ssh/sshd_config and set the line: PermitEmptyPasswords yes /etc/init.d/sshd restart