Remote access to Concurrent Versions System (CVS) via the :pserver: method sends passwords across the network. This problem can be corrected by using CVS built with Kerberos. If a Kerberos infrastructure is not available, either encrypt the :pserver: link somehow, or instead connect to CVS via Secure Shell (SSH).
Accessing CVS via SSH requires several configuration changes. These notes assume a Bourne compatiable shell is being used.
- Set the CVS_RSH environment variable.
- Use :ext: for CVSROOT.
For better portability, Unix shells can lookup the username on the fly, allowing the CVSROOT to be set in a common /etc/bashrc, assuming the remote username is the same as the local one for each user.
export CVSROOT=:ext:$(id -un)@server.example.org:/cvs
ssh will prompt for a password on each CVS operation. This can be avoided by using a different authentication method, such as public key authentication or Kerberos.
CVS_RSH must point to an executable, and will not accept options. To customize the command, point CVS_RSH at a wrapper script, such as the example cvs_rsh script.