Ronald Petty <[EMAIL PROTECTED]> writes: > Could someone explain the difference between using :ext: (with > CVS_RSH=ssh) over using pserver and having tcpwrapper listen on 2401? > > Why would one do either over the other? > Ron
With ssh, you are using strong authentication and there is no possibility that someone else will be able to utilize any possible security holes in cvs to spoof being someone else on your server machine. With pserver, your password is kept in a trivially obscured token in a $HOME/.cvspass file and sent over the network in the clear. Once you have connected to the 2401 server which is typically running as root you run the possibility that someone will have found an exploit in cvs to either become root on your server machine or to become someone else on your server machine than was intended. Use your favorite search engine and look for the keywords: cvs pserver security for examples that have arisen in the past and realize that it is possible that other bugs still exist. If the problem is that you need anonymous CVS access, you may wish to look at the following link: Anonymous CVS access via ssh http://www.kitenet.net/programs/sshcvs/ I know that a number of folks have already talked about security issues and CVS. I suggest you read the "Linux security issues as they pertain to CVS" thread that starts here: http://mail.gnu.org/archive/html/info-cvs/2001-05/msg00935.html if you need/want more background on security. Enjoy! -- Mark _______________________________________________ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs