[cvsnt] Securing pserver on CVSNT: tunneling with ssh
damien.moore at excite.com
Wed Aug 9 15:29:24 BST 2006
appreciate the responses
>I actually wonder if a local proxy would be useful - eg. you connect to
>localhost:2401 via pserver and it does the relevant handshake and
>connects in a secure manner. It's basically what extnt does I guess,
>but people do seem to have problems configuring that.
this was my approach, but with ssh instead of ssl. so are you telling me i
could do the same with an ssl client, but wouldn't need an SSL server? (or, in
other words, CVSNT is an SSL server). would i still be able to disable the
pserver plugin on the client? (I can't do this with my ssh hack)
A few more things I'm confused about:
1. In the CVSNT server control panel under the server settings tab, there is
an option for encryption. unless it's set to optional, neither pserver nor
sserver work for me. is this expected behavior? doesn't encryption need to be
specified with sserver to ensure security or have I completely misinterpreted
the use and meaning of this option?
2. What ports do I need to have open on my firewall to run sserver: both 2401
and 8003 or just 2401? (I tried with just 8003 but that didn't work)
3. Netbeans 5 seemed to work fine with :ext:user at server:/repos using its
internal shell from my laptop on the lan. I had the pserver plugin disabled,
but it wasn't clear to me that sserver was the protocol being used or how
secure it all was since both ports 8003 and 2401 were still open on the
firewall and it only worked with optional encryption in the server settings...
Join Excite! - http://www.excite.com
The most personalized portal on the Web!
More information about the cvsnt