Re: Moving to Pserver from .rhosts
Greg A. Woods wrote, On 2002-11-15 19:40:
> [ On Friday, November 15, 2002 at 17:08:16 (+0100), Fredrik Wendt wrote: ]
> > Subject: Re: Moving to Pserver from .rhosts
> >
> > It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).
>
> Then you have no accountability in your CVS repository. None.

True, but to us, there's actually only one developer, person X. It doesn't matter who does what to the repository - there is a very limited number of developers who can access the server via SSH. And we don't use reserved checkouts, editors/watchers. There is no interest of who did what, only what's been developed.

> You cannot have security without accountability. Integrity alone is useless.

You're probably right, though I'm not sure what you mean by accountability (I'm not a native English speaker).

/ Fredrik

___
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
Re: Moving to Pserver from .rhosts
[ On Saturday, November 16, 2002 at 12:18:19 (+0100), Fredrik Wendt wrote: ]
> Subject: Re: Moving to Pserver from .rhosts
>
> True, but to us, there's actually only one developer, person X.

Then why even bother with remote access via CVS? If that one developer wants to work on files on some other host then they can easily copy them over to it as necessary, and back again when they're done.

CVS is not a file distribution mechanism. CVS is not a networked filesystem. Use the right tool for the job! :-)

> You're probably right, though I'm not sure what you mean by accountability (I'm not a native English speaker).

Accountability is that which allows you to hold the real person responsible for changes. Accountability is impossible without an equal level of authentication (to make sure you have the right person), and integrity (to make sure the person in question is actually responsible for the changes). The three A's are the primary components of a trusted computing base. Privacy is the fourth leg of security.

(indeed with cvs pserver there's no guarantee of integrity either, which is why you end up with even less than no accountability)

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Moving to Pserver from .rhosts
On Sun, 2002-11-17 at 07:25, Greg A. Woods wrote:
> [ On Saturday, November 16, 2002 at 12:18:19 (+0100), Fredrik Wendt wrote: ]
> > Subject: Re: Moving to Pserver from .rhosts
> >
> > True, but to us, there's actually only one developer, person X.
>
> Then why even bother with remote access via CVS? If that one developer wants to work on files on some other host then they can easily copy them over to it as necessary, and back again when they're done.

I'm doing single-user development with CVS at the moment, and using a remote host. (Yes, Greg, I'm using ssh.)

Why CVS? For the version and revision control.

Why a remote host? Because this way I automatically have two copies, in two different locations, at all times. We do also have a backup system, which backs the repository up to tape, but I'm comfortable knowing that whatever gets cvs committed is sent to a different machine, with a different hard disk, in a different building.

Besides, the remote host is the one that already had a repository which was already in our backup script. :) Occasionally the right tool for the job is the one which takes least effort.

But speaking of minimal effort: ssh takes, IMO, less effort to set up than correctly setting up pserver, especially if you have a package manager on the server and are running Unix or Linux. Install ssh on both machines, generate keys, set CVS_RSH to ssh, set your CVS connection method to :ext:. Done.

Yes, SSH is a little more annoying to set up on Windows. I recommend recent versions of Putty. Do read the docs - you'll need to use the key generator and to set 'pageant' (putty key agent) running. Plink is the command line ssh client.

Jenn V.
--
Do you ever wonder if there's a whole section of geek culture you miss out on by being a geek? - Dancer.
[EMAIL PROTECTED] http://anthill.echidna.id.au/~jenn/
Re: Moving to Pserver from .rhosts
Greg wrote:
> > True, but to us, there's actually only one developer, person X.
>
> Then why even bother with remote access via CVS? If that one developer wants to work on files on some other host then they can easily copy them over to it as necessary, and back again when they're done.
>
> CVS is not a file distribution mechanism. CVS is not a networked filesystem. Use the right tool for the job! :-)

The problem is not to distribute files, nor handing them out over some network, but to track changes made to them and disabling the ability to accidentally overwrite what the other person spent his last two days on, just because those win-people are too easy on the drag-n-drop trigger finger... Using CVS this way can't be wrong. CVS offers a lot of other features and possible ways of operation, but there's nothing wrong with not getting into a car crash just because the car has life saving airbags...

> Accountability is that which allows you to hold the real person responsible for changes. Accountability is impossible without an equal level of authentication (to make sure you have the right person), and integrity (to make sure the person in question is actually responsible for the changes). The three A's are the primary components of a trusted computing base. Privacy is the fourth leg of security.

I've never actually read or heard the word up 'til now, however my guess was what you explained here. Thanks.

/ Fredrik
Re: Moving to Pserver from .rhosts
[ On , November 17, 2002 at 10:23:47 (+1100), Jenn Vesperman wrote: ]
> Subject: Re: Moving to Pserver from .rhosts
>
> Why a remote host? Because this way I automatically have two copies, in two different locations, at all times.

That's not a bad reason, though it wouldn't be good enough alone to justify not using SSH. :-)

> But speaking of minimal effort: ssh takes, IMO, less effort to set up than correctly setting up pserver, especially if you have a package manager on the server and are running Unix or Linux.

That's what I've always thought too!

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Moving to Pserver from .rhosts
Greg A. Woods wrote, On 2002-11-15 00:49:
> Because it's how remote CVS was designed to be used and because it is the only way to make remote CVS access secure. CVS-pserver is not secure in any way whatsoever and cannot be made secure.

That's partly wrong. If you set up the pserver and make sure (either via inetd (hosts.deny/.allow) if that's your preferred way of launching it, or iptables etc) that only requests originating from 127.1 get through, then by tunneling localport 2401 to remote port 2401 is absolutely secure. First issue:

ssh -L2401:localhost:2401

Then set your CVSROOT to

:pserver:whatever@localhost:/repository

and off you go.

It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).

My two cents anyway...

/ Fredrik
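An added example, not part of any poster's message: a small audit that sorts CVSROOT strings (for instance those read from the CVS/Root files of working copies) into the setups argued over in this thread, namely Jenn's `:ext:` with `CVS_RSH=ssh`, Fredrik's pserver on loopback behind an ssh tunnel, plain network pserver, and `:ext:` over rsh. The label names and sample roots are constructed, and it assumes a client that runs rsh when `CVS_RSH` is unset.

```python
import re

# Remote CVSROOT syntax: :method:[user[:password]@]host[:[port]]/path
ROOT_RE = re.compile(
    r"^:(?P<method>[a-z]+):"
    r"(?:(?P<user>[^:@/]+)(?::(?P<password>[^@]*))?@)?"
    r"(?P<host>[^:/]+):?(?P<port>\d+)?(?P<path>/.*)$"
)
LOOPBACK = {"localhost", "127.0.0.1", "127.1"}
SSH_CLIENTS = {"ssh", "plink", "plink.exe"}  # plink is PuTTY's command-line client


def audit_cvsroot(root, cvs_rsh=None):
    """Classify one CVSROOT string; cvs_rsh is the value of $CVS_RSH (or None).

    Assumption: an unset CVS_RSH means the client runs rsh for :ext:.
    Returns (label, note); the labels are made up for this example.
    """
    if root.startswith("/"):
        return ("local", "direct filesystem access, no network login")
    m = ROOT_RE.match(root)
    if m is None:
        return ("unparsed", "not a :method: style CVSROOT")
    if m["method"] == "pserver":
        if m["password"] is not None:
            return ("pserver-password-in-root", "password is stored in the root string")
        if m["host"] in LOOPBACK:
            return ("pserver-loopback", "needs an ssh -L tunnel to port 2401 to reach the server")
        return ("pserver-network", "login and file data cross the network unencrypted")
    if m["method"] == "ext":
        prog = re.split(r"[\\/]", cvs_rsh or "rsh")[-1].lower()
        if prog in SSH_CLIENTS:
            return ("ext-ssh", "per-user ssh login, encrypted transport")
        return ("ext-rsh", "host-based .rhosts trust, unencrypted transport")
    return ("other", "access method %s is outside this example" % m["method"])


if __name__ == "__main__":
    # Constructed sample roots, e.g. as read from CVS/Root in working copies.
    samples = [
        (":pserver:whatever@localhost:/repository", None),
        (":pserver:anon@cvs.example.org:2401/cvsroot", None),
        (":ext:dev@cvs.example.org:/repository", "ssh"),
        (":ext:dev@cvs.example.org:/repository", None),
    ]
    for root, rsh in samples:
        label, note = audit_cvsroot(root, rsh)
        print("%-45s CVS_RSH=%-5s %s: %s" % (root, rsh, label, note))
```
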
Re: Moving to Pserver from .rhosts
[ On Friday, November 15, 2002 at 17:08:16 (+0100), Fredrik Wendt wrote: ]
> Subject: Re: Moving to Pserver from .rhosts
>
> It has the advantage of not having the user at the cvs server adding/rewriting files, but only the user that the pserver runs as (which might take some weight of the poor admins burden).

Then you have no accountability in your CVS repository. None.

You cannot have security without accountability. Integrity alone is useless.

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
RE: Moving to Pserver from .rhosts
Greg opines:
> Then you have no accountability in your CVS repository. None.

Argh. Give it a rest, Greg.

You have as much accountability as you have from ssh and the passwd file: you know the name of the person (from the pserver passwd file), and that is recorded in the repository.

And yeah, yeah, I know that pserver doesn't use shadow password files and so the passwords are crackable by ordinary users blah blah blah. Still, ...

--
Shankar.
RE: Moving to Pserver from .rhosts
[ On Friday, November 15, 2002 at 11:17:10 (-0800), Shankar Unni wrote: ]
> Subject: RE: Moving to Pserver from .rhosts
>
> Greg opines:
> > Then you have no accountability in your CVS repository. None.
>
> You have as much accountability as you have from ssh and the passwd file: you know the name of the person (from the pserver passwd file), and that is recorded in the repository.

No you don't.

CVS is not a security application. It was not designed to be one and it cannot ensure any (i.e. not any at all) level of accountability. None whatsoever. Nil. Zilch. Zip. Zero. Negative even. If you think otherwise you are sadly mistaken and seriously fooling yourself into a complete and utterly false sense of security.

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Moving to Pserver from .rhosts
Greg A. Woods wrote:
> [ On Friday, November 15, 2002 at 11:17:10 (-0800), Shankar Unni wrote: ]
> > Subject: RE: Moving to Pserver from .rhosts
> >
> > Greg opines:
> > > Then you have no accountability in your CVS repository. None.
> >
> > You have as much accountability as you have from ssh and the passwd file: you know the name of the person (from the pserver passwd file), and that is recorded in the repository.
>
> No you don't.
>
> CVS is not a security application. It was not designed to be one and it cannot ensure any (i.e. not any at all) level of accountability. None whatsoever. Nil. Zilch. Zip. Zero. Negative even. If you think otherwise you are sadly mistaken and seriously fooling yourself into a complete and utterly false sense of security.

Stupid questions for blowhards time:

When did anyone in this thread actually *ask* how to secure their CVS server?

/|/|ike
Re: Moving to Pserver from .rhosts
Larry Jones wrote:
> Mahantesh writes:
> > we have working repository running right now. Currently the mode of authentication is .rhosts. We are planning to migrate the mode of authentication to pserver.
>
> Why? :ext: is generally considered superior to :pserver:, particularly when used with ssh rather than rsh.

Not all systems implement rsh the same way, as there was never any real spec. As such, the OP may be working with systems whose rsh's do not interoperate. If there is no need to secure the client/server connections, then pserver makes a nice low maintenance solution, and is sure to work on any machine on which a CVS client can be compiled.

/|/|ike
Re: Moving to Pserver from .rhosts
This is the second reply that implies that .rhosts is superior to pserver - can someone explain why?

I had to make this decision recently and concluded that pserver was the preferred way...

[EMAIL PROTECTED] (Greg A. Woods)
Sent by: [EMAIL PROTECTED]
12/11/2002 21:56
Please respond to info-cvs
To: Mahantesh [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: Moving to Pserver from .rhosts

[ On Tuesday, November 12, 2002 at 19:28:49 (+0530), Mahantesh wrote: ]
> Subject: Moving to Pserver from .rhosts
>
> we have working repository running right now. Currently the mode of authentication is .rhosts. We are planning to migrate the mode of authentication to pserver. Also after moving to pserver mode we should be able have all the versions we have right now.

Why would you ever even dream of doing that?

Why not upgrade to SSH (and ~/.shosts :-) instead?

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Moving to Pserver from .rhosts
[ On Thursday, November 14, 2002 at 08:20:18 (+0100), [EMAIL PROTECTED] wrote: ]
> Subject: Re: Moving to Pserver from .rhosts
>
> This is the second reply that implies that .rhosts is superior to pserver - can someone explain why?

Because it's how remote CVS was designed to be used and because it is the only way to make remote CVS access secure. CVS-pserver is not secure in any way whatsoever and cannot be made secure.

CVS-pserver is only just barely suitable for read-only anonymous access, and then really only if it's used on a secure private network or if there's some other _secure_ way to verify the integrity of the files retrieved via pserver.

> I had to make this decision recently and concluded that pserver was the preferred way...

What could possibly have led you to that conclusion?

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Moving to Pserver from .rhosts
Mahantesh writes:
> we have working repository running right now. Currently the mode of authentication is .rhosts. We are planning to migrate the mode of authentication to pserver.

Why? :ext: is generally considered superior to :pserver:, particularly when used with ssh rather than rsh.

> My question is, whether it is enough just deleting .rhosts files and opening port 2401 and making appropriate entries in startup scripts without doing cvs init which creates CVSROOT. for moving to pserver mode.

Yes, the repository is independent of the method used to access it. In fact, you can leave the .rhosts files and continue to use :ext: in addition to :pserver: if you like. (Anyone running on the server machine could also access the repository directly rather than using any of the client/server methods.)

And it's worth pointing out that init only creates CVSROOT if it doesn't already exist -- it's perfectly safe to use on an existing repository (in fact, it's recommended any time to upgrade to a new release of CVS) as it carefully preserves any existing administrative files.

-Larry Jones

It's clear I'll never have a career in sports until I learn to suppress my survival instinct. -- Calvin
Re: Moving to Pserver from .rhosts
[ On Tuesday, November 12, 2002 at 19:28:49 (+0530), Mahantesh wrote: ]
> Subject: Moving to Pserver from .rhosts
>
> we have working repository running right now. Currently the mode of authentication is .rhosts. We are planning to migrate the mode of authentication to pserver. Also after moving to pserver mode we should be able have all the versions we have right now.

Why would you ever even dream of doing that?

Why not upgrade to SSH (and ~/.shosts :-) instead?

--
Greg A. Woods
+1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]