Section 8.4. The ext and server Access Methods


8.4. The ext and server Access Methods

In my experience, ext is the most commonly used access method, and it is usually used with SSH. ext stands for external, which refers to an external (to CVS) rsh or remote shell program. This method uses a remote shell program to connect the sandbox client computer to the repository server computer. The server method is almost the same as the ext method. The only difference is that server uses a remote shell program that is included with CVS.

To use a program other than rsh with the ext connection method, the CVS_RSH environment variable on the client should be set to the name of the program and the directory containing the program should be in the user's PATH on the client computer. Alternatively, you can set the CVS_RSH environment variable to the absolute path to the program without modifying the PATH variable. You may also use the CVS_RSH method option, described in "Method Options" earlier in this chapter.

ext accepts any command-line-based program that can be called with the following syntax:

 program [-b] [-l username] host commands 

The program must run the commands in a remote shell and pipe standard input (stdin) and standard output (stdout) without filtering the content. The -b is necessary only if the program is running on OS/2 and is used to force rsh to run in binary mode, without end-of-file conversion. The -l username is used (by CVS) only if there is a username included in the repository path.

For the ext access method, the repository path format is:

 [:ext:][user@]hostname[:]/path 

The user needs a username on both the client computer and the server computer. If these names are the same, the user@ part of the repository path isn't needed. In versions of CVS prior to 1.11.1, the colon between hostname and path was required.

The user's PATH environment variable on the server must include the directory that contains the cvs executable, the user's CVS_SERVER environment variable on the client must contain the path to the cvs executable on the server, or the CVS_SERVER method option must be set to the path to the cvs executable on the server. If you're using PATH, this variable must be set in a configuration file, such as .cshrc or .bashrc, that is read by nonlogin shells.

The rsh (or rsh-like) program starts the cvs executable on the server computer, using the username and permissions of the user the rsh program has connected as. Any programs CVS calls (such as programs called from a scripting file) run with this username and access privileges.

As a trouble-prevention measure, before trying to use your rsh or rsh-like program with CVS, attempt to log in to the server with it, using the program [-b] [-l username] host commands command format, as shown in Example 8-2.

Example 8-2. Testing SSH for ext

 bash-2.05a$ ssh -l jenn helit ls jenn@helit's password: Mail MyMozilla MyPilot ... 

Neither the rsh nor the server methods use encryption, and both transmit a clear-text username and password to a valid user account on the repository server. For this reason, I strongly recommend that you use SSH or some other secured connection whenever you connect across an untrusted network. You should consider using a secured connection even on a trusted network. If there is any external connection to your network (even through a firewall), I recommend encrypting the connection.


Example 8-3 shows how to check out a sandbox using the ext access method.

Example 8-3. Using the ext access method

 bash-2.05a$ cvs -d :ext:jenn@cvs_server:/var/lib/cvs checkout wizzard cvs server: Updating wizzard U wizzard/Changelog U wizzard/INSTALL U wizzard/Makefile 

8.4.1. rsh

rsh is the default program used with the ext method. If no other program is specified in the CVS_RSH environment variable, CVS calls rsh. If rsh is not in the user's PATH on the client or is not available on the server, CVS cannot connect.

On the server, the user's .rhosts file in the user's home directory must have a line in the format client_name username, where client_name is the name of the client computer and username is the user's name on the client computer.

The rsh program provided with Windows NT (and later) modifies end-of-line characters and is unsuitable for use with CVS. In the HP-UX operating system, use the remsh program rather than rsh, as rsh is a different program entirely. Use the CVS_RSH environment variable to define the replacement programs for both operating systems.


8.4.2. The server Access Method

The server access method uses a version of rsh internal to CVS. The .rhosts file on the server must be set, as described in the preceding section on "rsh".

To determine whether the server access method is available, you can attempt to check out a sandbox with the method, as shown in Example 8-4.

Example 8-4. Testing for server mode

 bash-2.05a$ cvs -d :server:cvs_server:/var/lib/cvs checkout wizzard cvs [checkout aborted]: the :server: access method is not supported by this port of CVS 

The server method is not available in all operating systems. Both client and server must be able to run the internal rsh program.

8.4.3. SSH

Secure Shell (SSH) is an rsh replacement that encrypts the data stream. You can authenticate your SSH connection with a pair of keys (private and public) or with a password.

There are two SSH protocols: SSH1 and SSH2. The server must be running an SSH daemon that understands the protocol the client is using. SSH clients also come with a key-generation program that generates the private and public keys that will be used to encrypt the data stream.

To use SSH with CVS:

  1. Install an SSH client on the sandbox computer and a daemon on the repository server, as given in the instructions for your SSH programs (Linux and Mac OS X normally include openssh as part of the core installation). Ensure that the path to the SSH program is in the PATH environment variable on the client computer.

  2. Ensure that the server speaks the same protocol as the client. If the documentation for either program doesn't specify whether it uses SSH1 or SSH2, it probably uses the older SSH1 protocol.

  3. Ensure that the user has a username and password for the server as well as the client.

  4. (This step is optional.) Generate an SSH key for the client, using the key-generation program. Under openssh, this is ssh-keygen. Once you've run this command, you'll have two files in your ~/.ssh directory: id_rsa and id_rsa.pub. id_rsa is your private key: keep it secret, keep it safe. You'll need to copy the contents (it's one very long line) of id_rsa.pub (your public key) into the ~/.ssh/authorized_keys file on the server. Once you've done this, you'll be prompted for your public key's passphrase instead of your password on the server. You can avoid having to type your password over and over by running these commands:

     $ eval 'ssh-agent' $ ssh-add 

    When you run the second command, you'll be prompted for your passphrase. You should be able to execute SSH operations, including CVS commands, without being prompted again for your passphrase as long as your shell is open. The instructions differ for different versions of SSH.

  5. Test whether the connection works by attempting to log in to the server with the username from step 3, as shown in Example 8-5.

    Example 8-5. Connecting with SSH

     bash-2.05a$ ssh -l jenn helit Linux helit 2.4.19-686-smp #1 SMP Thu Aug 8 22:06:13 EST 2006 i686 unknown unknown GNU/ Linux . . . Last login: Tue Jul 15 17:43:40 2006 from 10.0.2.2 jenn@helit:~$ 

  6. Put the name of your SSH program (or its path) into the CVS_RSH environment variable on the client computer.

  7. Run CVS using ext as the method in the repository path, as shown in Example 8-3.

Example 8-5 shows a test connection to a server with an SSH client program, as described in step 5.

I recommend http://www.openssh.org and the FAQ file at http://www.openssh.org/faq.html as sources of information on SSH. This site also provides free SSH client and server programs.

8.4.4. Other Connection Programs

The ext method can run with any other program that calls a remote program in the way that rsh and ssh do. The program must not modify data in transit, and it must be called using the format:

 program [-b] [-l username] host commands 

If you wish to use Kerberos with CVS, you can use the Kerberos version of rsh to connect using the ext method. If you wish to use Kerberos more directly, use the kserver or gserver access methods.

If you need to call rsh or ssh with an option, write a shell script like the one in Example 8-6 and put the path to that shell script in your CVS_RSH variable. CVS invokes the shell script, which in turn invokes rsh or ssh with the options you desire.

Example 8-6. Invoking ssh with command-line options

 #! /bin/bash exec ssh -F ~/.sshconf "$@" 




Essential CVS
Essential CVS (Essentials)
ISBN: 0596527039
EAN: 2147483647
Year: 2006
Pages: 148

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net