[cvsnt] Problem in debian
Claudio Guzman
cguzmana at gmail.com
Tue Feb 24 20:56:23 GMT 2009
My config is stored in /etc/cvsnt files PServer and Plugin
edit inetd.conf adding line "cvspserver stream tcp nowait root /usr/bin/cvs"
key generated with:
$openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out
cacert.pem -days 3650
Pserver config:
Repository0=/usr/local/cvsroot
Repository0Name=/cvsroot
Repository0Description=Repositorio Rembox
Repository0Default=0
Repository0Publish=0
Repository0Online=0
EncryptionLevel=0
CompressionLevel=0
# CertificateFile PEM certificate for use with sserver
# PrivateKeyFile PEM certificate for use with sserver
CertificateFile=/etc/cvsnt/cert.pem
PrivateKeyFile=/etc/cvsnt/key.pem
LockServerLocal=0
ReadOnlyServer=1
Plugin config:
PserverProtocol=0 # Original pserver
SserverProtocol=0 # SSL encrypted pserver
telnet 190.21.50.231 2401
Trying 190.21.50.231...
telnet: Unable to connect to remote host: Connection refused
desarrollo:~# telnet 190.21.50.231 2402
Trying 190.21.50.231...
Connected to 190.21.50.231.
Escape character is '^]'.
CVSLock 2.2 Ready
##### LOG ##########
cvs -t -d :sserver:demo:demo at 190.21.50.231:2402:$CVSROOT/demo login
16:45:48: -> Tracelevel set to 1. PID is 20884
16:45:48: -> Session ID is 519449a44e6c6687
16:45:48: -> Session time is Tue Feb 24 19:45:48 2009
16:45:48: -> main loop with
CVSROOT=:sserver:demo:demo at 190.21.50.231:2402:/usr/local/cvs/demo
Logging in to :sserver:demo at 190.21.50.231:2402:/usr/local/cvs/demo
CVSLock 2.2 Ready
cvs [login aborted]: Connection to server failed
cvs -t -d :sserver:demo:demo at 190.21.50.231:2402:$CVSROOT login
16:46:00: -> Tracelevel set to 1. PID is 20902
16:46:00: -> Session ID is 51a649a44e78d5f9
16:46:00: -> Session time is Tue Feb 24 19:46:00 2009
16:46:00: -> main loop with
CVSROOT=:sserver:demo:demo at 190.21.50.231:2402:/usr/local/cvs
Logging in to :sserver:demo at 190.21.50.231:2402:/usr/local/cvs
CVSLock 2.2 Ready
cvs [login aborted]: Connection to server failed
#########################################################
I need working with SSL
thx
Regards
2009/2/24 Jack, Cao Cu <user at domain.invalid>:
> Hi Claudio,
>
> Please check file "cvsnt" in /etc/xinet.d/cvsnt and "xinetd.conf" or
> "inetd.conf" on the server.
> Example :
> CVSNT file:
> -----------
> service cvspserver
> {
> socket_type = stream
> wait = no
> server = /usr/bin/cvsnt
> server_args = --allow-root=/demo -f pserver
> env = 'HOME=/demo'
> log_type = FILE /var/log/cvspserver
> groups = yes
> log_on_failure += USERID
> flags = REUSE IPv6
> mdns = no
> disable = no
> user = root
> }
>
> NOTE : Note especially the "server" and "server_args". Wrong information
> here will result in "connection actively refused" when trying to
> authenticate. If you're using normal inetd, not xinetd, read the section
> following this.
>
> xinetd.conf or inetd.conf file :
> -------------
> cvspserver stream tcp nowait root /usr/bin/cvs
> cvs --allow-root=/demo authserver
>
>
> Check login : telnet 192.168.24.105 2401
>
> With pserver and sserver, the passwords are stored on the client side in a
> trivial encoding of the cleartext and in the pserver case transmitted in the
> same encoding. The encoding is done only to prevent inadvertent password
> compromises (i.e., a system administrator accidentally looking at the file),
> and will not prevent even a naive attacker from gaining the password. With
> Sserver, the client/server connection is encrypted using SSL, and the risk
> of the password being sniffed on the wire is very low.Do you have created a
> certificate for cvsnt?
>
>
> Claudio Guzman wrote:
>>
>> other question, for cvs access to the user also has to take into
>> account the debian. and as if the protocol is running sserver?
>> Example:
>> Client:
>> $ cvs -d :sserver:demo:demo at 192.168.24.105:/demo login
>> Logging in to :sserver:demo at 192.168.24.105:2401:/demo
>> connect to 192.168.24.105:2401 failed:
>>
>> Server log auth.log
>> Feb 23 16:06:04 desarrollo sshd[2898]: Failed password for invalid
>> user demo from 192.168.24.107 port 58961 ssh2
>>
>>
>>
>> 2009/2/21 <user at domain.invalid>:
>>>
>>> Hi Claudio,
>>>
>>> On Server:
>>> PServer and Plugin
>>>
>>> Vi /etc/cvsnt/Plugins
>>> #EnumProtocol=1 # Remote enumeration (info -r)
>>> #GserverProtocol=1 # GSSAPI
>>> PserverProtocol=1 # Original pserver
>>> SserverProtocol=1 # SSL encrypted pserver
>>> #SspiProtocol=1 # SSPI (via Winbind, if configured)
>>> #SyncProtocol=1 # Server sync
>>> #AuditTrigger=0 # Audit events to database
>>> #EmailTrigger=0 # Send emails
>>> #CheckoutTrigger=0 # Enable CVSROOT/shadow
>>>
>>> - Vi /etc/cvsnt/PServer and change:
>>> #
>>> AuditLogSessions=1 # All server connections/commands
>>> #AuditLogCommits=0 # Log changes due to commits
>>> #AuditLogDiffs=0 # Store diffs in commit log
>>> #AuditLogTags=0 # Log tagging operations
>>> AuditLogHistory=1 # Log cvs history
>>> #
>>> You will create a key PEM
>>> CertificateFile=/etc/cvsnt/cert.pem
>>> PrivateKeyFile=/etc/cvsnt/key.pem
>>> And change :
>>> #CertificatesOnly=0
>>> Repository0=/home/database
>>> Repository0Name=/database >> Repository0Name=/database
>>> On Client :
>>> You install cvsnt and cvsnt-protocol-sserver on CVS Client.
>>>
>>> Claudio Guzman wrote:
>>>>
>>>> please PServer settings and Plugin, I can not make the client connects
>>>> to the server remotely by :sserver:
>>>>
>>>> Thanks.
>>>
>>> _______________________________________________
>>> cvsnt mailing list
>>> cvsnt at cvsnt.org
>>> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>>>
>>> Upgrade to CVS Suite for more features and support:
>>> http://march-hare.com/cvsnt/
>>>
> _______________________________________________
> cvsnt mailing list
> cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt
>
> Upgrade to CVS Suite for more features and support:
> http://march-hare.com/cvsnt/
>
More information about the cvsnt
mailing list