Greg A. Woods wrote, On 2002-11-15 00:49:
Because it's how remote CVS was designed to be used and because it isThat's partly wrong. If you set up the pserver and makes sure (either via inetd (hosts.deny/.allow) if that's your preferred way of launching it, or iptables etc) that only requests originating from 127.1 gets through, then by tunneling localport 2401 to remote port 2401 is absolutely secure.
the only way to make remote CVS access secure. CVS-pserver is not
secure in any way whatsoever and cannot be made secure.
First issue:
ssh -L2401:localhost:2401
Then set your CVSROOT to ":pserver:whatever@localhost:/repository" and off you go.
It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).
My "two cents" anyway...
/
Fredrik
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs