Remote access to Concurrent Versions System (CVS) via the :pserver: method sends passwords across the network. This problem can be corrected by using CVS built with Kerberos. If a Kerberos infrastructure is not available, either encrypt the :pserver: link somehow, or instead connect to CVS via Secure Shell (SSH).

Accessing CVS via SSH requires several configuration changes. These notes assume a Bourne compatiable shell is being used.

  1. Set the CVS_RSH environment variable.
  2. CVS_RSH=/usr/bin/ssh
    export CVS_RSH

  3. Use :ext: for CVSROOT.
    export CVSROOT

    For better portability, Unix shells can lookup the username on the fly, allowing the CVSROOT to be set in a common /etc/bashrc, assuming the remote username is the same as the local one for each user.

    export CVSROOT=:ext:$(id -un)

ssh will prompt for a password on each CVS operation. This can be avoided by using a different authentication method, such as public key authentication or Kerberos.

CVS_RSH must point to an executable, and will not accept options. To customize the command, point CVS_RSH at a wrapper script, such as the example cvs_rsh script.

export CVS_RSH=$HOME/bin/cvs_rsh