Previous Section  < Day Day Up >  Next Section

Recipe 18.11. Accessing a Remote CVS Repository

18.11.1 Problem

You have your CVS server all set up and ready to go; now how do you give users secure, remote access?

18.11.2 Solution

Use OpenSSH. OpenSSH is the simplest, most secure method for accessing your CVS repository, both over your LAN and over the Internet. If you set up OpenSSH right from the start, you'll have only a single connection and authentication method to maintain for all remote connectivity. (See Chapter 17 to learn how to set up OpenSSH.)

Follow these steps to connect via SSH:

  1. Install and configure OpenSSH on all hosts (the CVS server, and everyone who is going to connect to it).

  2. Run OpenSSH on the CVS server in daemon mode.

  3. Make sure that all users have login accounts on the CVS server.

  4. Set up your keys, and test SSH logins to the server.

  5. On the users' PCs, add this line to their ~./cvsrc files, or create ~./cvsrc files for them:

    CVS_RSH  SSH

    Suppose the remote CVS server is cvs.project.net. You would connect to the repository like this, from the parent directory of your local sandbox:

    $ cvs -d :ext:jenn@cvs.project.net:/cvsroot checkout scripts

jenn@cvs.project.net's password:

    If the CVS server is on your LAN, all you need is the hostname or IP address:

    $ cvs -d :ext:jenn@cvs:/cvsroot checkout scripts

18.11.3 Discussion

If you have NFS implemented, you might be tempted to create NFS shares for your CVS repository. Don't do this. NFS is not secure, you'll encounter permissions hell, and there is a risk of data corruption. Also, it makes it too easy for users to accidentally delete CVS files.

OpenSSH gives you a number of methods for logging into remote hosts. You can use system logins, or (even easier) you can authenticate via public/private key pairs. Use the keychain program to handle key authentication for security and convenience, so you won't have to enter a password or passphrase at all (see Recipe Recipe 17.7).

OpenSSH encrypts the entire session—login and transport. It's easy to implement, and using the same mechanism for both LAN and Internet access simplifies the job of administering the CVS server.

18.11.4 See Also

    Previous Section  < Day Day Up >  Next Section