We're presenting a set of scripts to manage CVS repositories accessed thru SSH in chroot jails. These scripts are based on the document Chrooted SSH CVS server HOW-TO - DRAFT version by Olivier Berger and Olivier Tharan from IDEALX.
Abstract. This document describes the steps necessary to setup a very network-secure CVS server, allowing SSH access to a CVS repository. It is then possible to have multiple repositories on the same server, each one in its own protected directory tree (chrooted). The use of SSH (with CVS_RSH) as a transport mechanism for CVS (instead of having a CVS pserver and SSH tunneling between client and server) allows much more secure and flexible use on the client side (provided SSH is installed, of course). The shell accounts necessary for SSH to run are disabled in order to allow only remote access to CVS. Both read-only (and even anonymous, i.e. with a known password or even no password at all) and read-write access can be granted, depending on the user accounts.
These scripts are available under the GPL.
Sample:
make-project ProjectName make-user ProjectName --read-only Visitor --read-write Dev1 Dev2 make-module ProjectName Module1 Module2
Then the users may access the repositories with:
export CVS_RSH=ssh export CVSROOT=:ext:Dev1@cvs.example.com:/cvs cvs checkout Module1
This is a new version, now tested on:
with some glitches corrected.
Chrooted SSH CVS Server Management Scripts
Mirrors | France | Germany |
---|---|---|
chrooted-ssh-cvs.README.gz (3899 bytes) |
Download (HTTP) |
Download (FTP) |
chrooted-ssh-cvs.README.gz.md5sum (76 bytes) |
Download (HTTP) |
Download (FTP) |
chrooted-ssh-cvs.tar.gz (22563 bytes) |
Download (HTTP) |
Download (FTP) |
chrooted-ssh-cvs.tar.gz.md5sum (73 bytes) |
Download (HTTP) |
Download (FTP) |