I discovered a way to get through a firewall with CVS. I doubt this is
anything new, but I thought it might be interesting to some people out
there. The basic idea is to use ssh tunnels from a gateway machine
Requirements:
0. A gateway machine that you can telnet/ssh to that has access to
machines both inside and outside the firewall. This machine needs to
have ssh installed.
1. The cvs repository needs to be set up as a password server. You
may worry about security, but as a side effect of this method, your
password is encrypted when you send it to the server.
2. The repository machine and the working machine must both be running
ssh daemons.
How do it:
1. Open 2 telnet sessions to the gateway machine (call it gw).
2. In one do:
ssh -l <REPUSER> -L <PORT>:localhost:2401 <REPMACHINE>
where <REPUSER> is your account name on <REPMACHINE>, which is where
the CVS repository lives. You will have to enter your password for the
account on the <REPMACHINE> (which may or may not be the same as your
CVS password). <PORT> is any user port (like 6000 or 2401)
3. In the other do:
ssh -l <USER> -R 2401:localhost:<PORT> <MACHINE>
where <USER> is your account name on <MACHINE>, the machine where you
want to work. <PORT> is the same port number you gave above.
4. Login to the server (do this on the working machine)
cvs -d :pserver:<CVSUSER>@localhost:<REPPATH> login
You will be prompted for your CVS password.
5. Checkout sources
cvs -d :pserver:<CVSUSER>@localhost:<REPPATH> checkout <MODULE>
where <CVSUSER> is your cvs user name, <REPPATH> is the path to the
repository, and <MODULE> is the module you want to check out.
5. After checkout, you can use regular cvs commands (without the -d)
while you are in your working directories.
The bad part of this is that you have to take over a port on the
gateway machine, so this won't scale to lots of users. It's useful as
a way to get around the firwall without having to deal with sysadmins
:-)
Also, if anyone sees any security concerns with this, let me know.
Thanks. Hope this is helpful.
--
Patrick Riley
Draper Laboratories Summer Staff Member
Ph.D. Student, Carnegie Mellon University
http://www.cs.cmu.edu/~pfr
