Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-15 23:53:04 CEST

Mark Benedetto King <bking@answerfriend.com> writes:
> You're leaving out that CVS_RSH=ssh does not create an unathenticated
> tunnel from a potentially untrusted environment into the trusted one.
>
> While you're doing your "svn up" over a port-forwarded tunnel, an
> attacker can utilize the same channel to their own nefarious ends.
>
> SSL solves this problem. So would an in-band ssh connection, like
> CVS_RSH's.
>
> If SSL isn't an option, and neither is enhancing neon to hide
> the SSH part, the best I can come up with is "ra_ssh", which
> would need some command-line support (in the same vein as
> "cvs server"). This may be more trouble than it is worth.

I don't know if it is more trouble than it is worth -- it will make
things easier for many people using SSH and CVS currently.

Perry

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Apr 15 23:54:47 2002

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: ssh based access?"
Previous message: Kevin Pilch-Bisson: "Re: ssh based access?"
In reply to: Mark Benedetto King: "Re: ssh based access?"
Next in thread: lodewijk_at_reddwarf.xs4all.nl: "Re: ssh based access?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]