Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Yet Another CVS-Server over SSH Tutorial
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Sun Sep 14, 2003 1:28 pm    Post subject: Yet Another CVS-Server over SSH Tutorial Reply with quote

Yet Another CVS-Server over SSH Tutorial
Version 1.0

What does this howto offer???
When applying this howto to your box you'll get a working cvs server via ssh for exactly ONE cvs user! We are still trying to figure out howto expand the cvs/ssh combination for more than one user, so any help is welcome!
If you need read and/or write access for more than one user your only chance is to setup cvs via :pserver:.

Start
hi folks,
while setting up a cvs-server i recognized that using :pserver:-protocol is quite unsecure and a little tricky to setup. So i switched to CVS via SSH.
(Information on CVS via :pserver: can be found on
https://forums.gentoo.org/viewtopic.php?t=55659&highlight=cvs+server
and
https://forums.gentoo.org/viewtopic.php?t=52757&highlight=cvs+server.
Even lots of the ideas i used i found there.

So, now let's get it on!


    First make sure you emerged ssh and cvs
    Code:
    emerge ssh cvs

    The second step is to create a group for cvs, a cvs user and his homedir, init the cvs server, and finaly fix the permissons:
    Code:

    groupadd cvs # create group cvs
    mkdir -p /home/cvs
    mkdir -p /home/cvs/repository
    useradd -d /home/cvs -g cvs -s /bin/bash cvs
    passwd cvs
    cvs -d /home/cvs/repository init
    chown -R cvs.cvs /home/cvs
    chmod g+rwx /home/cvs

    Already now you are able to use cvs. Make a little test with another console by typing (IMPROTANT: don't do this in /home/cvs/repository !!!):
    Code:
    cvs -d :ext:cvs@localhost:/home/cvs/repository checkout CVSROOT

    You see, checkout is already working fine! What about import and update:
    Code:
    cd /tmp && mkdir project && cd project && echo "this is a test" >dreamless
    cvs -d :ext:cvs@localhost:/home/cvs/repository import -m "I want to import" test vendor start
    cd /tmp && cvs -d :ext:cvs@localhost:/home/cvs/repository checkout test && cd test && cvs update
    so fine, even import and update are working. Finally we test add and commit
    Code:
    cd /tmp/test && echo "this is a new file" > newfile
    cvs add newfile
    cvs commit newfile

Annotations:

  • $CVSROOT
    If you put
    Code:
    CVSROOT=:ext:cvs@your.cvsserver.com:/home/cvs/repository

    into your enviorment, you are able to save the "-d :ext:cvs@your.cvsserver.com:/home/cvs/repository" when using the cvs command

  • Security
    As you are logging in via SSH and the user cvs, this method is only reasonable if you are the only user that uses this repository. Every user who wants to have write access to the repository need to know the cvs password, or an own cvs-user. Maybe i'll describe how to do this later.


Any comments, bug reports, opinions etc. are welcome!
bye fox


Last edited by Starfox on Tue Oct 07, 2003 7:30 pm; edited 1 time in total
Back to top
View user's profile Send private message
TobiWan
Apprentice
Apprentice


Joined: 07 Jul 2003
Posts: 275
Location: Brussels, Old Europe

PostPosted: Fri Oct 03, 2003 4:43 pm    Post subject: Re: Yet Another CVS-Server over SSH Tutorial Reply with quote

Starfox wrote:
As you are logging in via SSH and the user cvs, this method is only reasonable if you are the only user that uses this repository. Every user who wants to have write access to the repository need to know the cvs password, or an own cvs-user. Maybe i'll describe how to do this later.

Any comments, bug reports, opinions etc. are welcome!
bye fox


Great work. It is so much easier than using xinetd.

If only more IDEs would know how to interact with cvs/extssh...

Well, Eclipse does. 8)

Anyway, I really could use some help on how to setup cvs for more than one user and manage user rights within cvs. Any links or hints? 8O

thanks in advance,
Tobias
_________________
Killing for peace is like fucking for virginity.
Back to top
View user's profile Send private message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Tue Oct 07, 2003 7:09 pm    Post subject: Re: Yet Another CVS-Server over SSH Tutorial Reply with quote

TobiWan wrote:

If only more IDEs would know how to interact with cvs/extssh...

Ähh, the problem with most IDEs is they are not able to handle the password prompt (i had same problems here).
One possible fix could be: Generate a public keyfile for your user, and disable the password challange on the ssh server. BUT BE AWARE, this changes the ssh-login behavior for ALL users on the server, so everyone who didn't create a keyfile and copied that to the server will be unable to login via ssh!!!(i didn't find any way to restrict this behavior of the server to only some users, maybe someone can give me a hint?!)
For the moment i only have a german instruction howto create a keyfile that allows you to login without password (maybe i have time to translate it later!), but the commands are the same as it would be english ;-)
http://www.uni-bayreuth.de/departments/math/serv/cip/net/ssh.html#ohne_passwd

TobiWan wrote:

Anyway, I really could use some help on how to setup cvs for more than one user and manage user rights within cvs. Any links or hints? 8O


Okay i thought about how this would be possible, BUT the greatest problem is you have to allow ssh access to your server for everyone who wants to sync with the repository, and i think that IS A SECURITY HOLE!
For the moment i don't have any realistic solution. I'm sorry :sad: But i'll try to find one.
bye fox
Back to top
View user's profile Send private message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Thu Oct 09, 2003 8:55 am    Post subject: Reply with quote

Okay I did some research, and i found this link:
http://www.kitenet.net/~joey/sshcvs/
I'll test this tomorrow, and if it will work then i'll bring it into the tutorial.
The only thing i have to solve then is the problem with writeacces to repository.
bye fox

EDIT: As mentioned below the link is down :cry: And i don't have found any other resources. I am sorry :oops:
EDIT2: Jieepieeh. The Link is up again!!! 8)


Last edited by Starfox on Tue Mar 09, 2004 9:01 pm; edited 2 times in total
Back to top
View user's profile Send private message
TobiWan
Apprentice
Apprentice


Joined: 07 Jul 2003
Posts: 275
Location: Brussels, Old Europe

PostPosted: Thu Oct 09, 2003 9:27 am    Post subject: Thanks for your effort :-) Reply with quote

Starfox wrote:
Okay I did some research, and i found this link:
http://www.kitenet.net/~joey/sshcvs/
I'll test this tomorrow, and if it will work then i'll bring it into the tutorial.
The only thing i have to solve then is the problem with writeacces to repository.
bye fox


Thanks for your effort. I'll look into what you've found and try to make something from it.

Tobias
_________________
Killing for peace is like fucking for virginity.
Back to top
View user's profile Send private message
Kuartzer
Tux's lil' helper
Tux's lil' helper


Joined: 15 Jul 2003
Posts: 81
Location: in front of the keyboard @ Lx - PT

PostPosted: Sun Feb 15, 2004 3:37 am    Post subject: Reply with quote

Althoug giving ssh access to cvs users is a security risk, you can add a users by making them part of the cvs group, also put the +s bitflag on the CVSROOT so they creat files under cvs group onership only.

Security tip:

make cvs users to be part only of cvs group, and give then shell=/bin/false, and no home dir.
Now you have multiple users over ssh with some security!

btw, the link in the last post is kind of broken, do you now a new one to the same document?
_________________
"Não existe nada completamente errado no mundo, até mesmo um relógio parado consegue estar certo duas vezes por dia..."
Back to top
View user's profile Send private message
tlaloctlaloc
Apprentice
Apprentice


Joined: 11 Feb 2004
Posts: 198
Location: Europe-In the heart of the Alps

PostPosted: Tue Mar 09, 2004 2:39 pm    Post subject: Reply with quote

I used this tutorial to set up cvs on my system today and the tests in this thread worked so far.
What I am having problems with is using it with Eclipse. First when I want to add a project to cvs with Team -> Share Project it tells me that the module exist already remotely and asks me if I want to synchronize the local project with the remote project. From here I can go by hitting twice OK, but when I finally want to commit I get this messages:

The server reported an error while performing the "cvs commit" command.
NameTransformations: cvs commit: failed to create lock directory for `/home/cvs/repository/NameTransformations' (/home/cvs/repository/NameTransformations/#cvs.lock): No such file or directory
NameTransformations: cvs commit: lock failed - giving up
NameTransformations: cvs [commit aborted]: lock failed - giving up

Has anyone an idea?
Thanks, Valentin.
Back to top
View user's profile Send private message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Tue Mar 09, 2004 8:52 pm    Post subject: Reply with quote

As i have no eclipse here i am not able to reproduce your problem. But maybe you want to try importing a project by hand (cvs import bla bla..). If that works then there is a problem with the eclipse module. If not then i have to think over my tutorial again :oops:

ciao sascha

PS: maybe you have to install ssh-askpass, this fixed my problems with a cvs plugin within kdevelop!
Back to top
View user's profile Send private message
chatgris
Guru
Guru


Joined: 14 Oct 2002
Posts: 383
Location: Canada

PostPosted: Thu Nov 18, 2004 9:46 pm    Post subject: Reply with quote

Just wondering.. I have successfulyl completed this setup locally.

However, I am trying to connect to this remotely and it's not working.. what port is used for this? I can ssh into my box normally via plain ssh.

to clarify, this works

cvs -d :ext:cvs3430@localhost:/home/cvs3430/repository checkout cis3430

but this doesn't from a remote machine

cvs -d :ext:cvs3430@24.112.179.69:/home/cvs3430/repository checkout cis3430

Thanks, Joshua Moore-Oliva
_________________
Open your mind. Open your source.

Due credit for avatar from http://www.aikida.net
Back to top
View user's profile Send private message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Fri Nov 19, 2004 7:27 am    Post subject: Reply with quote

Sorry,

i never had any situation like this! This problem isn`t used to happen :-(
Can you post some messages from /var/log/messages !?
bye fox
Back to top
View user's profile Send private message
chatgris
Guru
Guru


Joined: 14 Oct 2002
Posts: 383
Location: Canada

PostPosted: Sat Nov 20, 2004 12:50 am    Post subject: Reply with quote

Nothing is generated in /var/log/messages during the attempts.. It is like it can't get through my firewall, but I can ssh into my home machine from the outside.. just not get into cvs via from the outside? :(

Josh.
_________________
Open your mind. Open your source.

Due credit for avatar from http://www.aikida.net
Back to top
View user's profile Send private message
Starfox
Tux's lil' helper
Tux's lil' helper


Joined: 04 Sep 2002
Posts: 93

PostPosted: Sat Nov 20, 2004 8:10 am    Post subject: Reply with quote

chatgris wrote:
Nothing is generated in /var/log/messages during the attempts.. It is like it can't get through my firewall, but I can ssh into my home machine from the outside.. just not get into cvs via from the outside?


Then take a look at your firewall log!
bye fox
Back to top
View user's profile Send private message
javock
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jan 2004
Posts: 106
Location: Babeland... yeah! I wish!

PostPosted: Tue Dec 07, 2004 3:03 am    Post subject: Reply with quote

Kuartzer wrote:

make cvs users to be part only of cvs group, and give then shell=/bin/false, and no home dir.
Now you have multiple users over ssh with some security!


Hey kuartzer, I did what you say here but I cant get these new users to log (duh, it was the point) or use cvs for wich I belive that, using this method they should be able to...

Anyway, nice tutorial.
_________________
The heart has reasons that the reason will never understand.

-- La Renga. El final es donde partí
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum