Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
One of the more common ways is with SSH, but I don't know how to do this with an NT server. On a Unix server (Solaris/Linux/etc -- clients can be whatever) you would do the following:

1. set up CVS server with pserver active, set your hosts.allow to only accept incoming SSH connections (port 22) (you MUST block remote port 2401 access)
2. set up SSHD on the server with port forwarding allowed
3. set up local machine with CVSROOT=:pserver:<server_username>@localhost:<path_on_server>
4. enable SSH tunneling in your SSH client and port forwarding for this mapping: localhost:2401 -> server:2401
5. SSH login into the CVS server
6. while SSH'd into local server, run the CVS commands locally.

Your SSH client program will intercept requests to port 2401, and forward them through the encrypted tunnel to the CVS server. Data coming back will also be on this TCP socket, and therefore encrypted.

Advantages of this method:

1. Works just as well for truly remote machines as for local machines
2. With a different hosts.allow, you can enable standard :pserver: for, say, machines on your subnet without hurting sitewide security too much (given the clients are all secure)
3. The encryption has been proven in practice to be quite secure... SSH/SSL, with the exception of the buffer overflow found a month ago and the known password sending problems in SSH versions <1.5, is trusted by BSD and many other groups known for their attention to security.
4. Requires SSH login validation before any CVS commands can be performed, and SSH2 I believe is designed to defeat man-in-the-middle type attacks.

Disadvantages of this method:

1. You must log in with SSH before you can use CVS, therefore you must have at least semi-functional accounts on said server, which is potentially a security risk if a local exploit is discovered in the OS.
2. Requires an SSH client. There are free ones available (PuTTY does SSH2, TeraTermPro/SSH only does SSH1), but many are commercial implementations.
   (They often come with X servers like Hummingbird eXceed)

--eric

> -----Original Message-----
> From: Mike Shoemaker [mailto:shoemaker_m at yahoo.com]
> Sent: Tuesday, March 26, 2002 11:26 AM
> To: cvsnt at cvsnt.org
> Subject: [Cvsnt] PServer Security
>
>
> Any way to make pserver more secure over the internet?
>
> _______________________________________________
> Cvsnt mailing list
> Cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
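
Steps 3 and 4 of the reply above, as an added shell example that is not part of the original message: it rewrites a direct pserver CVSROOT into its tunnelled form, prints the matching OpenSSH port forward, and lets a wrapper refuse any CVSROOT that bypasses the tunnel. It assumes an OpenSSH client and that the SSH account name equals the CVS user name; `alice`, `cvs.example.org` and `/var/cvsroot` are constructed sample values.

```shell
#!/bin/sh
PSERVER_PORT=2401   # pserver port named in the post

# Split ":pserver:user@host:/path" into $cvs_user, $cvs_host, $cvs_path.
# Rejects other forms, and names that ssh could read as options.
parse_pserver_root() {
    case $1 in
        :pserver:*@*:/*) ;;
        *) echo "not a :pserver:user@host:/path root: $1" >&2; return 1 ;;
    esac
    rest=${1#:pserver:}
    cvs_user=${rest%%@*}
    rest=${rest#*@}
    cvs_host=${rest%%:*}
    cvs_path=${rest#*:}
    for name in "$cvs_user" "$cvs_host"; do
        case $name in
            ''|-*|*[!A-Za-z0-9._-]*)
                echo "unsafe user or host name: $name" >&2; return 1 ;;
        esac
    done
}

# Step 3: the CVSROOT the local client uses once the tunnel is up.
tunnel_cvsroot() {
    parse_pserver_root "$1" || return 1
    printf ':pserver:%s@localhost:%s\n' "$cvs_user" "$cvs_path"
}

# Step 4: local listener bound to loopback only; the second "localhost" is
# resolved on the server, so pserver there never needs a remotely open port.
tunnel_command() {
    parse_pserver_root "$1" || return 1
    printf 'ssh -L 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$PSERVER_PORT" "$PSERVER_PORT" "$cvs_user" "$cvs_host"
}

# Guard for a cvs wrapper: true only if the root goes through the tunnel.
is_tunnelled() {
    parse_pserver_root "$1" 2>/dev/null || return 1
    case $cvs_host in
        localhost|127.0.0.1) return 0 ;;
        *) return 1 ;;
    esac
}

direct=':pserver:alice@cvs.example.org:/var/cvsroot'   # constructed sample
tunnel_command "$direct"
echo "export CVSROOT=$(tunnel_cvsroot "$direct")"
```

The forward lasts only while the SSH session printed by `tunnel_command` stays open.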