[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-15 23:53:04 CEST

Mark Benedetto King <bking@answerfriend.com> writes:
> You're leaving out that CVS_RSH=ssh does not create an unathenticated
> tunnel from a potentially untrusted environment into the trusted one.
>
> While you're doing your "svn up" over a port-forwarded tunnel, an
> attacker can utilize the same channel to their own nefarious ends.
>
> SSL solves this problem. So would an in-band ssh connection, like
> CVS_RSH's.
>
> If SSL isn't an option, and neither is enhancing neon to hide
> the SSH part, the best I can come up with is "ra_ssh", which
> would need some command-line support (in the same vein as
> "cvs server"). This may be more trouble than it is worth.

I don't know if it is more trouble than it is worth -- it will make
things easier for many people using SSH and CVS currently.

Perry

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Apr 15 23:54:47 2002

This is an archived mail posted to the Subversion Dev mailing list.