Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to email@example.com.
So I upgraded my cvsnt server to 2.0.4; now looking into encryption and the new sserver stuff... C:\builds\temp>cvs -d :sserver:server2:/ewcode version Client: Concurrent Versions System (CVSNT) 2.0.4 (client/server) Server: Concurrent Versions System (CVSNT) 2.0.4 (client/server) To enable sserver or sspi over the internet, I open 2401 to the outside, correct? pserver, sserver, sspi, they all run on that port, correct? So I set my server to "require encryption", then tested pserver to verify that it is secure... C:\builds\temp>cvs -d :pserver:server2:/ewcode login Logging in to :pserver:Keith at server2:2401:/ewcode CVS password: ***************** cvs [login aborted]: authorization failed: server server2 rejected access to /ewcode First try: wrong password. Oops, but look, the server rejected it. Does that mean my password traversed the internet? C:\builds\temp>cvs -d :pserver:server2:/ewcode login Logging in to :pserver:Keith at server2:2401:/ewcode CVS password: ***************** Correct password, works this time... C:\builds\temp>cvs -d :pserver:server2:/ewcode co ebms\ebmscucf cvs [checkout aborted]: This protocol does not support encryption But now a checkout. Finally, the encryption error hits, but methinks it is too late... I am more concerned about my domain passwords being um, "borrowed" than I am about my code being "borrowed", because we have an RDP port hanging open, and I am domain admin... Very bad if people "borrow" my password. Fortunatly I know enough to test on the LAN *before* opening the port on the external interface... Also, as far as security: If I set the server to "require encryption" :spi: still seems to work. There have been reports (in the past) that windows authentication was "not good". People deriding M$'s built in auth. in internet explorer and IIS because it was dangerous, esp. w/ domain passwords. Anybody know anything about this???? Also, one more question: what is the cipher strength of the various protocols - sserver, sspi - as compared to cygwin ssh? keith d. zimmerman, mcsd eagle solutions