Install the CVS server: apt-get install cvs. This will install CVS, the dae­mon gets started with inetd and the CVS root is by default /var/lib/cvs. By default you can con­nect to your CVS server via pserver, but you shouldn’t use pserver when you set up a pub­lic CVS server, as the pass­word gets not encrypted when you log on. I want to cre­ate a SSH tun­nel to con­nect the CVS server:

Linux:
Basics: cre­ate a CVS user, lets call him cvsuser (quite cre­ative, eh?). Cre­ate the file ~/.profile and add this text:
export CVS_RSH=ssh

pre­pare the SSH-keyfile, cre­ate the empty file ~/.ssh/authorized_keys2

Win­dows:
I use eclipse a my IDE, choose this menu [Win­dow / Pref­er­ences / Team / CVS / SSH2 Con­nec­tion / Key Man­age­ment] and cre­ate the SSH key­pair. Paste the pub­lic key into the ~/.ssh/authorized_keys2 file and copy the pri­vate key to a safe place.

NOTE: I wasn’t able to use put­ty­gen gen­er­ated SSH keys with eclipse, I think this is because putty uses a spe­cial pri­vate key for­mat eclipse can’t use.

Linux:
Restrict shell access:
I don’t want that my CVS user can use my server to tun­nel con­nec­tions or use a shell and browse on the server, so I added some basic secu­rity fea­tures:
Cre­ate a file /bin/cvssh, chmod 755 it and add this content:

1
2
3
4
5
6
7
#!/bin/bash
if [ “$2″ != “cvs server” ]; then
echo “Access Denied“
exit 1
fi
cvs server
exit

Edit the file /etc/passwd and change the shell of the cvsuser (usu­ally /bin/bash) to /bin/cvssh. Thanks to nov­ell for this info.

Restrict SSH tun­nel­ing:
Edit the file ~/.ssh/authorized_keys2 and add the option no-port-forwarding in front of the pub­lic key.

CVS-SSH2 Server installation (debian)

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*