8.3 The ext and server Access Methods

   

8.3 The ext and server Access Methods

In my experience, ext is the most commonly used access method, and it is usually used with SSH. ext stands for external, which refers to an external (to CVS) rsh or remote shell program. This method uses a remote shell program to connect the sandbox client computer to the repository server computer. The server method is almost the same as the ext method. The only difference is that server uses a remote shell program that is included with CVS.

To use a program other than rsh with the ext connection method, the CVS_RSH environment variable on the client should be set to the name of the program and the directory containing the program should be in the user 's PATH on the client computer. Alternatively, you can set the CVS_RSH environment variable to the absolute path to the program, without modifying the PATH variable.

ext accepts any command line-based program that can be called with the following syntax:

 program [-b] [-l username] host commands 

The program must run the commands in a remote shell and pipe standard input ( stdin ) and standard output ( stdout ) without filtering the content. The -b is necessary only if the program is running on OS/2 and is used to force rsh to run in binary mode, without end-of-file conversion. The -l username is used (by CVS) only if there is a username included in the repository path.

For the ext access method, the repository path format is:

 [:ext:][   user   @]   hostname   [:]/   path   

The user needs to have a username on both the client computer and the server computer. If these names are the same, the user@ part of the repository path isn't needed. In versions of CVS prior to 1.11.1, the colon between hostname and path was required.

Either the user's PATH environment variable on the server must include the directory that contains the cvs executable, or the user's CVS_SERVER environment variable on the client must contain the path to the cvs executable on the server. If you're using PATH , this variable must be set in a configuration file, such as . cshrc or .bashrc , that is read by nonlogin shells .

The rsh (or rsh -like) program starts the cvs executable on the server computer, using the username and permissions of the user the rsh program has connected as. Any programs CVS calls (such as programs called from a scripting file) run with this username and access.

As a trouble-prevention measure, before trying to use your rsh or rsh -like program with CVS, attempt to log into the server with it, using the program [-b] [-l username] host commands command format, as shown in Example 8-2.

Example 8-2. Testing SSH for ext
 bash-2.05a$  ssh -l jenn helit ls  jenn@helit's password:  Mail MyMozilla MyPilot ... 

Neither the rsh nor the server methods use encryption, and both transmit a clear-text username and password to a valid user account on the repository server. For this reason, I strongly recommend you use SSH or some other secured connection whenever you connect across an untrusted network. You should consider using a secured connection even on a trusted network. If there is any external connection to your network (even through a firewall), I recommend encrypting the connection.

Example 8-3 shows how to check out a sandbox using the ext access method.

Example 8-3. Using the ext access method
 bash-2.05a$  cvs -d :ext:jenn@cvs:/var/lib/cvs checkout wizzard  cvs server: Updating wizzard U wizzard/Changelog U wizzard/INSTALL U wizzard/Makefile 

8.3.1 rsh

rsh is the default program used with the ext method. If no other program is specified in the CVS_RSH environment variable, CVS calls rsh . If rsh is not in the user's PATH on the client or not available on the server, CVS cannot connect.

On the server, the user's .rhosts file in the user's home directory must have a line in the format client_name username , where client_name is the name of the client computer and username is the user's name on the client computer.

The rsh program provided with Windows NT modifies end-of-line characters and is unsuitable for use with CVS. In the HP-UX 9 operating system, use the remsh program rather than rsh , as rsh is a different program entirely. Use the CVS_RSH environment variable to define the replacement programs for both operating systems.

8.3.2 The server Access Method

The server access method uses a version of rsh internal to CVS. The .rhosts file on the server must be set, as described in Section 8.3.1 of this chapter.

To determine whether the server access method is available you can attempt to check out a sandbox with the method, as shown in Example 8-4.

Example 8-4. Testing for server mode
 bash-2.05a$  cvs -d :server:cvs:/var/lib/cvs checkout wizzard  cvs [checkout aborted]: the :server: access method is not supported by this port of CVS 

The server method is not available in all operating systems. Both client and server must be able to run the internal rsh program.

8.3.3 SSH

Secure Shell (SSH) is an rsh replacement that encrypts the data stream. You can authenticate your SSH connection with a pair of keys (private and public) or with a password.

There are two SSH protocols: SSH1 and SSH2. The server must be running an SSH daemon that understands the protocol the client is using. SSH clients also come with a key-generation program that generates the private and public keys that will be used to encrypt the data stream.

To use SSH with CVS:

  1. Install an SSH client on the sandbox computer and a daemon on the repository server, as given in the instructions for your SSH programs. Ensure that the path to the SSH program is in the PATH environment variable on the client computer.

  2. Ensure that the server speaks the same protocol as the client. If the documentation for either program doesn't specify whether it uses SSH1 or SSH2, it probably uses the older, SSH1 protocol.

  3. Ensure that the user has a username and password for the server as well as the client.

  4. Generate an SSH key for the client, using the key-generation program. You may add the key to the user's home directory on the server, as explained in the documentation for your SSH program. If you do so, the user won't need to provide a password when connecting with SSH. This step is optional.

  5. Test whether the connection works by attempting to log in to the server with the username from step 3, as shown in Example 8-5.

  6. Put the name of your SSH program (or its path) into the CVS_RSH environment variable on the client computer.

  7. Run CVS using ext as the method in the repository path, as shown in Example 8-3.

Example 8-5 shows a test connection to a server with an SSH client program, as described in step 5.

Example 8-5. Connecting with SSH
 bash-2.05a$  ssh -l jenn helit  Linux helit 2.4.19-686-smp #1 SMP Thu Aug 8 22:06:13 EST 2002 i686 unknown unknown GNU/ Linux . . . Last login: Tue Oct 15 17:43:40 2002 from 10.0.2.2 jenn@helit:~$ 

I recommend http://www.openssh.org/ and the FAQ file at http://www.openssh.org/faq.html as sources of information on SSH. This site also provides free SSH client and server programs.

8.3.4 Other Connection Programs

The ext method can run with any other program that calls a remote program in the way that rsh and ssh do. The program must not modify data in transit, and it must be called using the format:

   program   [-b] [-l   username   ]   host commands   

If you wish to use Kerberos with CVS, you can use the Kerberos version of rsh to connect using the ext method. If you wish to use Kerberos more directly, use the kserver or gserver access methods.

If you need to call rsh or ssh with an option, write a shell script like the one in Example 8-6 and put the path to that shell script in your CVS_RSH variable. CVS will invoke the shell script, which in turn will invoke rsh or ssh with the options you desire .

Example 8-6. Invoking ssh with command-line options
 #! /bin/bash exec ssh -F ~/.sshconf "$@" 

   
Top


Essential CVS
Essential CVS (Essentials)
ISBN: 0596527039
EAN: 2147483647
Year: 2003
Pages: 152

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net