Subject: Re: cvs and ssh
To: David Forbes <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 08/05/2001 16:20:18
> 1) Set CVS_RSH=ssh and get machine C to connect back. This has two
> problems: a) I'd need to have the user on machine C's keys in an
> authorized_keys file on A and, b) it won't get through the firewall.
> 2) Setup a ssh to forward the pserver port. However, I'd need to put a
> password on machine C in order to get access to A.
> 3) Setup ssh to forward rsh. I feel this is worse than 2.
Note that you can control the "user id" attached to ssh keys at
ssh-keygen time to not contain strings which have any connection with
"A", "B", or "C".
1) ssh from A to C, port-forwarding a local port on C back to a port
on A which is running a secondary ssh server with access to the
repository but not necessarily login access..
Authenticate this "outer" connection on C using a j-random public key
with a key name unrelated to "A".
2) make an ssh connection on C to the local port forwarded in step #1.