This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
Subject: Re: ssh setup/tuning From: dave-mlist@bfnet.com Date: 02 Apr 1999 16:25:15 -0800 Hey Chris, I noticed your post on the redhat list. Welcome! Chris> I am still very much open to ssh tips, tricks and gotchas. Biggest gotcha: people re-enabling telnet/rlogin et cetera in inetd.conf Favorite solution: delete telnetd etc. and get rid of inetd completely! My favorite tip is running CVS over SSH. That way you can do distributed development without leaking passwords. Here's how to do it: # step 1 (once): on CVSROOT host, run pserver under DJB's # supervise/tcpserver /usr/local/bin/supervise /home/cvs/supervise \ /usr/local/bin/tcpserver -v -u 5004 -g 5004 \ -x/etc/tcp.cvs.cdb 0 2401 /usr/bin/cvs -b /usr/bin pserver # step 2: (once): also on CVSROOT host, give user cvs an authorized # key file with your real user key su cvs ssh-keygen cat my-ssh-public-key > /home/cvs/.ssh/authorized_keys # step 3: (once a day) go to remote host of user who's pubkey was # inserted above, and forward the port ssh -L 2401:cvs.server.somewhere.com:2401 cvs.server.somewhere.com <insert passphrase> # step 4: (once a day) in a different shell on the remote machine, cvs -d :pserver:myname@localhost:/home/cvs/cvsroot login It took me a couple of days to figure that out... But now I just have the last two steps in my remote users' .login file.