[cvsnt] Securing pserver on CVSNT: tunneling with ssh

David Somers dsomers at omz13.com
Thu Aug 10 14:42:27 BST 2006

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

Damien Moore wrote:

Note: Excite really garbled your message. Groan.

>  Another problem is if I have port 2401 open,
>  pserver switched off, require encryption turned on, but I accidentally
>  cvs -d :pserver:user"at"repos:/repos login (instead of sserver) its not
>  clear to me that the password isn't being sent down the insecure channel
>  despite the failure of login - i get a nondescript -1 error. (with only
>  require authentication turned on it seems that i can
> actually login with pserver, just can't run commands). Can you confirm
> that the password isn't being sent down the unsecure channel in this
> scenario?

Sorry to say, when you use pserver, by accident or otherwise, your password
will be exposed (albeit in a trivially encoded manner).

You could avoid this by, either:
1. Not installing the pserver protocol on your client machine. (If the
protocol isn't there you can't accidentally use it... but you then won't be
able to use pserver to connect to any anonymous sites).
2. Connect indirectly via a proxy which munges from pserver to sserver... I
just posted a message to this list about my cvssproxy add which does just
that :-)

David Somers

More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook