[cvsnt] SSH
Erin Loy
ELoy at riverdeep.net
Wed Feb 4 08:16:28 GMT 2004
It would most likely need to be exposed on the Internet. I can have our IT
guys punch a hole in our firewall, but only if I can assure them (and
demonstrate) that the connection is secure. External users would probably
have local accounts on the machine, and internal users would use domain
credentials. SSH/SSL style encryption would be required, and forcing
authentication via an RSA style key would be even better. We already have
HTTP servers exposed to the Internet, but the CVS server is behind another
firewall, so it would be nice if I could put SSH on one of the exposed
servers and forward the traffic to the CVS box (I read something about that
being possible...), but it's not a requirement.
-Erin
-----Original Message-----
From: Glen Starrett
To: cvsnt at cvsnt.org
Sent: 2/3/2004 9:00 PM
Subject: Re: [cvsnt] SSH
Erin Loy wrote:
>Hi All,
>
>
>
>I'm fairly new to CVS, and could use some help on this one. We need
to
>work collaboratively with contractors in India, and I need to get CVSNT
>working securely enough to expose a proprietary repository to them on
the
>Internet. The documentation that I've used up to this point assumes a
lot
>about my knowledge of secure communications, and frankly I'm confused
at
>this point.
>
>
>
>Where should I start?
>
>
>
Good question.... very vague and hard to answer though. Are you on a
intranet (private link / VPN) to India, over the Internet, is encryption
required (if you already are using a VPN then the communication is
encrypted), etc.etc.
CVSNT supports a number of protocols, and most can be encrypted I
believe. You can tell the server to force encryption. You can have
source verification (e.g. SSH or SSL), there might be a way to do client
verification (would gserver help with that??).
I don't have the answers, but I could lead you to more questions... :)
--------------------
Glen Starrett
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
More information about the cvsnt
mailing list