security question

2002-12-12 Thread Phil R Lawrence
OK, I've settled on either importing our entire ERP source with -kb or writing a script to traverse the sourcetree and check in the files intelligently as either binary or text. (anyone already have a script that does this?) Now, about security. We would be a multi-client shop, so I need SSH

CVS security question

2004-02-03 Thread Pankaj Garg
I am a new user of CVS. I set up a CVS server on my Linux box. I want two users to have check-in access to my repository and I want to use SSH. To use SSH I need to make shell accounts for those two users. Now because these two users have shell accounts and have write access to my repository, they can

Re: security question

2002-12-12 Thread Noel Yap
--- Phil R Lawrence <[EMAIL PROTECTED]> wrote: > OK, I've settled on either importing our entire ERP > source with -kb or > writing a script to traverse the sourcetree and > check in the files > intelligently as either binary or text. (anyone > already have a script > that does this?) > > Now,

Re: security question

2002-12-12 Thread Larry Jones
Phil R Lawrence writes: > > I saw in the docs how to set up pserver and how it can manage read-write > permissions. But I won't run a server without encryption. > > How can I have SSH *and* locked down projects *and* locked down CVSROOT dir? Forget pserver, use SSH with individual system accou

Re: security question

2002-12-12 Thread Frederic Brehm
At 10:51 AM 12/12/2002, Phil R Lawrence wrote: Now, about security. We would be a multi-client shop, so I need SSH to encrypt sign-on info. Also, to make auditors very happy, we need to grant and deny write security to various projects in the repository. We are a multi-client shop, too. We us

RE: security question

2002-12-12 Thread Neis, Mark
Phil R Lawrence wrote: >How can I have SSH *and* locked down projects *and* locked down CVSROOT dir? >Security is very important. I had actually planned to make CVS available via the web to some people, so I tried to find a secure way of doing so. Instead of using pserver, I followed the instruct

Re: security question

2002-12-12 Thread Geoff Beier
PS - are there any Windows and Linux clients that particularly shine with SSH? TortoiseCVS on Windows (http://www.tortoisecvs.org/) works very well with ssh. They distribute a customized version of plink from the PuTTY suite. HTH Geoff

Re: security question

2002-12-12 Thread Steven Tryon
We run pserver on a machine behind a firewall and access with redirected ports with ssh. Someone posted on this list a cookbook ssh command to do so... ssh [EMAIL PROTECTED] -L 2401:host.whatever.com:2401 Then set your CVSROOT to point to localhost. Works. Steve On Thu, 2002-12-12 at 10:51,

Re: security question

2002-12-13 Thread Noel Yap
One other problem with pserver is that passwords are stored "in the clear" on the users' home directories. At least with SSH, the keys can be encrypted using a password that the user enters either upon login or on a per-use basis. Noel --- Steven Tryon <[EMAIL PROTECTED]> wrote: > We run pserver

RE: security question

2002-12-13 Thread Zieg, Mark
> One other problem with pserver is that passwords are > stored "in the clear" on the users' home directories. > > At least with SSH, the keys can be encrypted using a > password that the user enters either upon login or on > a per-use basis. Actually, if you set up your ssh keys correctly (ssh-ke

Re: security question

2002-12-13 Thread Phil R Lawrence
Steven Tryon wrote: > On Thu, 2002-12-12 at 10:51, Phil R Lawrence wrote: > >>I saw in the docs how to set up pserver and how it can >>manage read-write permissions. But I won't run a server >>without encryption. > We run pserver on a machine behind a firewall and access with redirected ports wit

RE: security question

2002-12-13 Thread Noel Yap
--- "Zieg, Mark" <[EMAIL PROTECTED]> wrote: > > One other problem with pserver is that passwords > are > > stored "in the clear" on the users' home > directories. > > > > At least with SSH, the keys can be encrypted using > a > > password that the user enters either upon login or > on > > a per-us

RE: security question

2002-12-16 Thread Zieg, Mark
> Password-protected keys help protect them against > theft. I would encourage everyone to use such keys. > Or did I misunderstand your post? Are you talking about ssh-agent, or passphrase-based ssh keys, or an external layer of encryption on the keyfiles, or what? Please be specific. ssh-agen

Re: security question

2002-12-16 Thread Scott Moynes
Zieg, Mark wrote: My biggest problem with any of these approaches, besides the inconvenience, is they eliminate the opportunity for secure, automated batch processes. I have various cron jobs that fire off automatically, connect to different servers, do reports/extracts/whatever, and so on. For

RE: security question

2002-12-16 Thread Noel Yap
--- "Zieg, Mark" <[EMAIL PROTECTED]> wrote: > > Password-protected keys help protect them against > > theft. I would encourage everyone to use such > keys. > > Or did I misunderstand your post? > > Are you talking about ssh-agent, or passphrase-based > ssh keys, or an > external layer of encrypt

RE: CVS security question

2004-02-03 Thread Jim.Hyslop
Pankaj Garg wrote: > I am a new user of CVS. I set up a CVS server on my Linux box. I > want two users > to have check-in access to my repository and I want to use > SSH. To use SSH I > need to make shell accounts for those two users. Now because > these two users > have shell accounts and have writ

RE: CVS security question

2004-02-03 Thread Matthew . Riechers
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf > Of Pankaj Garg > Sent: Tuesday, February 03, 2004 10:59 AM > To: [EMAIL PROTECTED] > Subject: CVS security question > > To use SSH I > need to make shell accounts fo

Re: CVS security question

2004-02-03 Thread Larry Jones
Pankaj Garg writes: > > I am a new user of CVS. I set up a CVS server on my Linux box. I want two users > to have check-in access to my repository and I want to use SSH. To use SSH I > need to make shell accounts for those two users. Now because these two users > have shell accounts and have write acc

Re: CVS security question

2004-02-03 Thread Mark D. Baushke
Pankaj Garg <[EMAIL PROTECTED]> writes: > I am a new user of CVS. I set up a CVS server on my Linux box. I want two users > to have check-in access to my repository and I want to use SSH. To use SSH I > need to make shell accounts for those two users. No

RE: CVS security question

2004-02-03 Thread Mark Jaffe
ent: Tuesday, February 03, 2004 10:59 AM > To: [EMAIL PROTECTED] > Subject: CVS security question > > To use SSH I > need to make shell accounts for those two users. Now because > these two users > have shell accounts and have write access to my repository, they can > essential

RE: CVS security question

2004-02-03 Thread Rick Genter
is e-mail immediately. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Jaffe Sent: Tuesday, February 03, 2004 3:26 PM To: [EMAIL PROTECTED] Subject: RE: CVS security question You can prevent a user from logging in by setting the shell variable in the /e

Re: CVS security question

2004-02-03 Thread Pankaj Garg
. What's stopping people from implementing this? Thanks Pankaj From: "Mark D. Baushke" <[EMAIL PROTECTED]> To: "Pankaj Garg" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: CVS security question Date: Tue, 03 Feb 2004 09:10:49 -0800

RE: CVS security question

2004-02-03 Thread
Classification: UNCLASSIFIED > -Original Message- > From: Pankaj Garg [mailto:[EMAIL PROTECTED] > SSH. To use SSH I > need to make shell accounts for those two users. Yes and no. If their repository permissions are the same then make a fake shell user to represent the persons and then pu

Re: CVS security question

2004-02-03 Thread Mark D. Baushke
Pankaj Garg <[EMAIL PROTECTED]> writes: > I wonder why do we not CVS has a server which run with SUID (Super > User ID) and only it can access repository. Other users can login via > SSH, verify their credentials with our CVS Server and ask CVS Server

RE: CVS security question

2004-02-04 Thread Greg A. Woods
[ On Tuesday, February 3, 2004 at 12:32:42 (-0800), Rick Genter wrote: ] > Subject: RE: CVS security question > > It's probably more secure to set their shell to something that does > exist but won't function as a shell, like /dev/null or > /bin/false. Well it depends on

Re: CVS security question

2004-02-04 Thread Greg A. Woods
[ On Tuesday, February 3, 2004 at 13:05:57 (-0800), Pankaj Garg wrote: ] > Subject: Re: CVS security question > > I wonder why do we not CVS has a server which run with SUID (Super User ID) > and only it can access repository. Because CVS is not a security tool, nor is it "secur