
zWaR 07-15-2006 10:43 AM

Securing CVS with ssh tunneling

I want to secure CVS communication with ssh tunneling. I've made a chroot jail with the help of cvsd, and I'm trying to use ssh tunneling with the help of an ssh key. In general the procedure is this:
1. make user 'cvsd' who has r/w access to the CVS repository
2. set 'cvsd's shell to /bin/bash (or some proper shell) in /etc/passwd
3. set 'cvsd's password to * in /etc/shadow
4. have all developers who are using the CVS generate an ssh key
5. put an entry in 'cvsd's /home/cvsd/.ssh/authorized_keys2 file that looks like:

The client that wants to connect to the server must first set the CVS_RSH variable to /usr/bin/ssh (or wherever his ssh resides) and use :ext for the cvs connection, e.g. cvs -d :ext:user@host:/cvsroot checkout module_name

The problem is, the ssh connection to the server does not use the standard port 22, but port number 22022. How can I now connect to the server? Is there an ssh system variable or a config file I should set to change the default port number?

unSpawn 07-16-2006 06:07 AM

export CVS_CLIENT_PORT=22022

zWaR 07-16-2006 03:05 PM

Unfortunately this is not working, because I use ssh for the initial connection, not cvs. CVS traffic (using the pserver protocol) is transferred through the ssh tunnel. I have to configure ssh somehow, not cvs. The external cvs shell is set to ssh, not to rsh (export CVS_RSH=ssh). I even tried to add ssh -p 22022 to the CVS_RSH variable, but it's not working; I get this error msg:
cvs [checkout aborted]: cannot exec /usr/bin/ssh -p 22022: No such file or directory
(using the default ssh port 22 works though).

Maybe there is a similar variable like CVS_CLIENT_PORT for ssh??

zWaR 07-17-2006 03:43 AM

I got one solution: I put this line into ~/.ssh/config:
Port 22022

And it works! :)

unSpawn 07-17-2006 04:19 AM

> I got one solution: I put this line into ~/.ssh/config:
> Port 22022

Better confine that to the host-specific section of config or it'll be taken as default:
Host something.something
Port 22022
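
The scoping advice in the last reply, as an added example that is not part of the original thread: it writes both forms of the config to temporary files and asks ssh which port it would use for each host, without connecting. The host names cvs.example.org and other.example.org are placeholders, and `ssh -G` needs OpenSSH 6.8 or later.

```shell
#!/bin/sh
# Added example: compare a bare "Port" line with one scoped to a Host block.
# cvs.example.org / other.example.org are placeholder names; 22022 is the
# port from the thread.

# Config with the Port line confined to one host ($1 = file to create).
write_scoped_config() {
    cat > "$1" <<'EOF'
Host cvs.example.org
    Port 22022
EOF
    chmod 600 "$1"
}

# Config with a bare Port line, which applies to every host ($1 = file).
write_global_config() {
    cat > "$1" <<'EOF'
Port 22022
EOF
    chmod 600 "$1"
}

# Print the port ssh would use for host $2 under config file $1.
# -G dumps the resolved client options and exits; -F makes ssh read only
# that file, so the system-wide ssh_config does not interfere.
effective_port() {
    ssh -G -F "$1" "$2" 2>/dev/null | awk '$1 == "port" { print $2 }'
}

# Show the effective port for the CVS host and an unrelated host.
demo() {
    dir=$(mktemp -d) || return 1
    write_scoped_config "$dir/scoped"
    write_global_config "$dir/global"
    for cfg in scoped global; do
        for host in cvs.example.org other.example.org; do
            echo "$cfg config, $host: port $(effective_port "$dir/$cfg" "$host")"
        done
    done
    rm -rf "$dir"
}

demo
```

With the scoped file only cvs.example.org resolves to 22022, so `cvs -d :ext:user@host:/cvsroot` with CVS_RSH=ssh picks up the port for that server while every other ssh destination stays on 22.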
