Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Hi, I am setting up a cvs server using cvsnt in my company (two distant sites will be using it), and we basically have the same base requirements as you that is: - server exposed on the internet - the firewall forward connection through port 22 (ssh) from outside to the cvs server - accounts for cvs access are set locally on the machine. - we would like to use rsa key authentication The setup works fine so far, the only problem we are experiencing is on the key authentication side. We have set up the server with the free OpenSSHd server and there is one well known issue with this particular server on windows is that it doesnt actually record the submitters name into the repository but record SYSTEM instead. What can prove very annoying when it comes to source management. This issue doesn't seem to happen with commercial implementation of sshd server, so you might consider buying one of those in order to have things running smoothly. See http://www.cvsnt.org/pipermail/cvsnt/2001-December/000056.html for more Philippe Legrain -----Original Message----- From: ELoy at riverdeep.net [mailto:ELoy at riverdeep.net] Sent: den 4 februari 2004 09:24 To: grstarrett at cox.net; cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Subject: RE: [cvsnt] SSH It would most likely need to be exposed on the Internet. I can have our IT guys punch a hole in our firewall, but only if I can assure them (and demonstrate) that the connection is secure. External users would probably have local accounts on the machine, and internal users would use domain credentials. SSH/SSL style encryption would be required, and forcing authentication via an RSA style key would be even better. We already have HTTP servers exposed to the Internet, but the CVS server is behind another firewall, so it would be nice if I could put SSH on one of the exposed servers and forward the traffic to the CVS box (I read something about that being possible...), but it's not a requirement. -Erin -----Original Message----- From: Glen Starrett To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook Sent: 2/3/2004 9:00 PM Subject: Re: [cvsnt] SSH Erin Loy wrote: >Hi All, > > > >I'm fairly new to CVS, and could use some help on this one. We need to >work collaboratively with contractors in India, and I need to get CVSNT >working securely enough to expose a proprietary repository to them on the >Internet. The documentation that I've used up to this point assumes a lot >about my knowledge of secure communications, and frankly I'm confused at >this point. > > > >Where should I start? > > > Good question.... very vague and hard to answer though. Are you on a intranet (private link / VPN) to India, over the Internet, is encryption required (if you already are using a VPN then the communication is encrypted), etc.etc. CVSNT supports a number of protocols, and most can be encrypted I believe. You can tell the server to force encryption. You can have source verification (e.g. SSH or SSL), there might be a way to do client verification (would gserver help with that??). I don't have the answers, but I could lead you to more questions... :) -------------------- Glen Starrett _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs _______________________________________________ cvsnt mailing list cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs