:: MacCVSClient :: User Guide | |
MacCVSClient and SSH on Classic Mac OS |
This page covers Classic Mac OS SSH issues. There is a separate page for information on Mac OS X SSH. If you need to access CVS repositories over the internet with good security, you can use SSH encryption software as an intermediary between MacCVSClient and CVS server. To make all this work, SSH server software needs to be installed on the CVS server machine. Additionally, you need to set up an SSH client on your Macintosh. On this page I will explain details about how to configure Classic Mac OS based SSH clients so you can use them to access CVS servers. Instructions on how to get an SSH server installed and running on the CVS server is beyond this MacCVSClient manual. Please find out elsewhere; if you know a good source of information about this, please let me know and I'll link to it. |
SSH Clients on Classic Mac OS |
There is a good handful of SSH implementations on the Mac. For use with MacCVSClient, you need an SSH client that supports port tunneling. As far as I know, there are currently these SSH implementations available on the Mac that do support it (if I am missing some here, please let me know): F-Secure SSH by Data Fellows for the Mac is a commercial product; the evaluation version (1.0 Trial) that I tried supported SSH1 only. I understand there is a new version out by now that supports SSH2 only. I have never used it. Mindterm by Mindbright Software AS is a GPL'ed (and thus free) Java based SSH1 implementation. MacSSH by Jean-Pierre Stierlin is a GPL'ed SSH2 client. Mac OS based SSH implementations that currently can't be used and why not: NiftyTelnet SSH (as of 1.1 SSH r3) by Jonas Walldén does not support port tunneling and therefore can't be used for our purpose. |
Port Tunneling in SSH |
A way to use SSH is through "port tunneling". Here, your SSH on the Mac connects to the SSH on or near the CVS server. SSH can then pretend to offer services on the Mac side and not really offer these services but tunnel them through the SSH connection and connect to the service in question on the computer on the far side of the SSH connection. This way, our local end of the SSH connection "looks like" the server on the remote end of the SSH connection has on the other end (if we only take the tunneled ports into account). The connection is transparent, i.e. MacCVSClient will not know about it. The price you are paying for security is that the connection is slower than normal because the whole data stream is encrypted. |
Tunneling CVS pserver |
Suppose, we want to use CVS in "pserver" mode with the CVS server running on machine "dodo" on port 2401 (the default port for pserver CVS). Say also we cannot connect directly because the CVS pserver service on "dodo" is not accessible securely from our machine (or not accessible at all, blocked for security reasons that is). Assume at last, that luckily, there is SSH running on "dodo" and you can connect to it with the chosen Mac implementation of SSH. Now you have to set up a "tunneled" port in SSH on our Mac. The remote host is "dodo", both local and remote ports are 2401. Note that you can choose any number you like for the local port. For simplicity's sake, let's use the standard one. It is crucial that you choose the proper remote port, though. Otherwise, you won't be able to connect to the CVS service on the remote server. After you have connected to the remote server with SSH and your port tunneling is running, you have to set up a new MacCVSClient Login Profile for this SSH connection. Here, you will not use the remote server's name as CVS server but your own machine. You can point MacCVSClient to yourself by entering "127.0.0.1" in the CVS server field. The port will be the local port that you used in the SSH port tunneling setup as described above. MacCVSClient stores machine name, port, and connection method in the CVS files of checked out modules. |
Tunneling CVS RSH (MacSSH, Sourceforge) |
Here is how you can tunnel CVS RSH over MacSSH to access repostories such as the ones hosted at Sourceforge. Remember to replace the root (here /cvsroot/maccvsclient) and user (here jbu) in the example MacCVSClient login profile. Please also refer to the explanation of throughput limiting. |
And here the corresponding MacSSH settings to enable RSH over SSH tunneling. Obviously you have to replace here as well the host name (here cvs.sourceforge.net) and user name (here jbu) with your values. The following screenshots are taken from MacSSH 2.1fc3. |
Quirks |
If you are using F-Secure SSH, you might have to disable the "Allow local connections only" option in the port tunneling settings. F-Secure SSH doesn't seem to accept connections from MacCVSClient otherwise, if you specify "127.0.0.1" as the generic address of your machine. Be aware however, that disabling this access protection could pose a (possibly serious?) security risk. |
Rev. 1.8 | Legal Copyright © 2000-2004 Jörg Bullmann |