Connecting to a internal CVS repository from the office and home with no VPN
February 23, 2007
Have you ever had the need to access an internal CVS repository from the office and from home or any other place outside your organization’s intranet? This is something I have been doing for quite a while now as I work from home from time to time.
We don’t use any kind of VPN as we don’t have the necessary hardware to set it up properly but I have access to an internal machine from home through ssh that then allows me to connect to the CVS machine.
The tip is to create a SSH tunnel to connect to the CVS machine (I use ssh to access CVS). That way, your CVS repository is always accessed through a port opened in your localhost and so it looks the same to applications regardless of how you connect to the CVS repository.
Imagine the following scenario:
My laptop hostname is laptop.domain, the CVS server is cvs.domain and the machine I use to connect to the intranet from home is gateway.domain.
When I am at home I create the following tunnel (replace username with your login name in gateway.domain):
ssh -L2222:cvs.domain:22 firstname.lastname@example.org
When I am in the office I create the following tunnel:
ssh -L2222:cvs.domain:22 laptop.domain
Note that you MUST NOT replace laptop.domain with localhost in the second ssh tunnel. If you do that, the SSH key associated to localhost will be your laptop’s one and this will prevent you from making a ssh connection to cvs.domain through the tunnel because the SSH host key that will be reported will be the cvs.domain’s one that will conflict with the the SSH key already registered (you laptop’s one) and therefore the client will refuse to open the connection.
To make things easier I have created two aliases that I add to my .bashrc or .alias or .bash_aliases depending on your GNU/Linux distribution:
alias cvs_home=’ssh -L2222:cvs.domain:22 email@example.com’
alias cvs_office=’ssh -L2222:cvs.domain:22 laptop.domain’
When you configure the repository in your CVS client specify:
- host: localhost
- port: 2222
- connection protocol: ext:ssh or ssh