The m key will mark multiple files (indicated by an asterisk) so that they can be committed or
have other actions taken on them at the same time. The u key can remove the mark from a file.
There are more options available within pcl-cvs, but this should give you enough
information to begin using the application productively.
6.7 Secure remote access with CVS
The main goal of CVS is to provide a central repository for the storage of development projects
and to provide access to and management tools for those projects. CVS by its nature is not a
secure protocol.
Passwords, source code files and project data are transmitted across the network in clear
text and are available to anyone along the data path who cares to eavesdrop and analyze the data
collected.
Various developers, aware of the inherent insecurity of the CVS protocol, have started
using Secure Shell (ssh) to provide an additional layer of security to the development process.
This chapter describes how to set up ssh on the clients and the server in order to ensure that
code, data and authentication information are handled in a secure manner.
6.7.1 Secure Shell Access
When describing remote access methods to use for CVS earlier, the method for setting up
rsh access to the server was intentionally omitted. The protocol used by rsh is inherently
insecure in that it transmits all information across the network in plain text and encourages
trust relationships to be set up between computers that can lead to system compromises.
Secure Shell (ssh) is a replacement for rsh that uses client and server authentication as well
as strong cryptography. It is a little more difficult to set up ssh access to a CVS repository than to
set up rsh access, but the security advantages outweigh any additional time and effort in setting
up the server.
The first step is to ensure that the CVS server has ssh installed and properly configured.
Ssh may be obtained from several sources. OpenSSH (http://www.openssh.org) is an open
source implementation of the protocol that is widely used. This is also what ships with Red Hat
Linux.
Using ssh with CVS relies on RSA authentication, and you need to make sure that this is
turned on in the ssh configuration file. This configuration file is /etc/ssh/sshd_config.
Locate the RSAAuthentication setting and make sure that it is turned on. It
should read:
RSAAuthentication yes
This should complete the ssh configuration on the server.
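The check described above can be scripted rather than done by eye. The following is an added example, not part of the original text: it reports the value sshd would actually use for RSAAuthentication, since sshd takes the first value it obtains for a keyword and treats keywords case-insensitively. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit the server-side setting named above.
# sshd uses the first value it obtains for a keyword, and keywords are
# case-insensitive, so a plain grep for "RSAAuthentication yes" can mislead.

# effective_value FILE KEYWORD
# Prints the first global (pre-"Match") value of KEYWORD, lowercased, or nothing.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # later lines apply conditionally
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# rsa_auth_status FILE -> prints "enabled", "disabled" or "unset"
rsa_auth_status() {
    case "$(effective_value "$1" RSAAuthentication)" in
        yes) echo enabled ;;
        "")  echo unset ;;
        *)   echo disabled ;;
    esac
}

# Constructed sample: the commented line and the later "yes" are both ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#RSAAuthentication yes
Port 22
rsaauthentication no
RSAAuthentication yes
EOF
echo "sample config: RSAAuthentication is $(rsa_auth_status "$sample")"
rm -f "$sample"
```

To audit a real server, call rsa_auth_status with /etc/ssh/sshd_config as the argument. Current OpenSSH releases no longer support protocol 1 and treat RSAAuthentication as deprecated; there, effective_value can be pointed at PubkeyAuthentication instead.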
Now log into the client machines that are going to be accessing the CVS repository. Each
user that wishes to access the repository must: