Subject: Re: cvs and ssh
To: David Forbes <david@flossy.u-net.com>
From: David Maxwell <david@vex.net>
List: netbsd-users
Date: 08/05/2001 10:45:34
On Sat, Aug 04, 2001 at 07:40:59PM +0100, David Forbes wrote:
> I have a machine with a cvs repository on it, behind a firewall and a
> demand dialled modem.  I have another machine out on the internet, to
> which I connect with ssh.
> 
> machine A  ----- machine B ---modem---internet ----- machine C
>  cvs repo        firewall
> 
> 
> I would like to be able to do cvs co/update etc on machine C during a ssh
> session from A.  I'm thinking that I can do this with a ssh tunnel of some
> 
> 2) Setup a ssh to forward the pserver port.  However, I'd need to put a
> password on machine C in order to get access to A.

Sooner or later, C will need a password - stored vs typed by a user is a
different discussion. Is your concern re: leaving passwords in a file
outside the fw? That shouldn't be needed - unless you also intend to
cron this cvs update or something similar.

> 3) Setup ssh to forward rsh.  I feel this is worse than 2.

I wouldn't involve rsh, not much benefit to doing so.

> Is it possible to set CVS_RSH to some devious value, so that it uses the
> basic ssh connection backwards?

Not quite. You can however open an ssh forwarded port and ssh back down
that.

A%> ssh -R 2200:localhost:22 user@C
...
C%> setenv CVS_RSH 'ssh -p 2200'

You'll need an ssh acceptable login method to A to complete cvs
transactions.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
Any sufficiently advanced Common Sense will seem like magic... 
					      - me