[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] administration/content/gnu-content/faq CVS_-_Ho...
|
From: |
Sylvain Beucler |
|
Subject: |
[Savannah-cvs] administration/content/gnu-content/faq CVS_-_Ho... |
|
Date: |
Sat, 17 Dec 2005 11:00:07 +0000 |
CVSROOT: /cvsroot/administration
Module name: administration
Branch:
Changes by: Sylvain Beucler <address@hidden> 05/12/17 11:00:07
Modified files:
content/gnu-content/faq:
CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt
Log message:
Updated URLs, added a section about manual testing, insisted about
contacting the local sysadmin, usd 'EOF' instead of EOF to prevent unwanted
bash substitutions, and various clean-ups
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/administration/administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt.diff?tr1=1.4&tr2=1.5&r1=text&r2=text
Patches:
Index:
administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt
diff -u
administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt:1.4
administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt:1.5
---
administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt:1.4
Tue Dec 13 21:49:14 2005
+++
administration/content/gnu-content/faq/CVS_-_How_can_I_access_a_repository_from_behind_a_firewall_or_proxy.txt
Sat Dec 17 11:00:07 2005
@@ -4,7 +4,7 @@
<p>First, this documentation is <i>complainware</i>. It means that you
can freely use it provided you complain to your local system
administrator, or to your Internet Service Provider (ISP), if you are
-using a restrictive Internet environment as described below.
+using a restrictive Internet environment as described below.</p>
<p>This FAQ is about a system we had to setup so that people behind
restrictive firewalls, or proxies, or ISP that blocks some ports, can
@@ -14,10 +14,10 @@
<p>There is no security issue in allowing people to access a remote
CVS repository, or more generaly a remote SSH server. It is rather a
matter of policy, when administrators decide what kind of action they
-allow their users to perform. For example, some ISPs decide to block
-outgoing traffic to port 25 (smtp) so as to prevent people to send
-mail from anything else than their SMTP smarthost and hopefully fight
-spam.</p>
+allow their users to perform. For example, some ISPs decided to block
+outgoing traffic to port 25 (smtp) so as to keep people from sending
+mail using any other service than their SMTP smarthost, and think they
+can fight spam (and control their users) that way.</p>
<p>You should know, however, that it is possible to bypass such a
setup by two ways:</p>
@@ -25,7 +25,7 @@
<ul><li><p>First, systems like Tor (http://tor.eff.org) can be used,
at the price of a decreased connection speed, to redirect your traffic
to any public computer, and any port, provided you have outgoing
-access to port 80 (http) and 443 (https) - which I think anybody have
+access to port 80 (http) and 443 (https) - which anybody should have
whatever their setup. As of 2005-03-27, it does not work from behind a
proxy, but it is a matter of development, not a technology
limitation.</p>
@@ -49,23 +49,52 @@
over SSH on port 443 (https) in addition to port 22 (ssh) to allow
people to access our CVS repositories.</p></li> </ul>
-<p>In conclusion, remote outgoing traffic is a burden for us, the
-Savannah hackers, and does not bring any real value.</p>
+<p>In conclusion, remote outgoing traffic is a burden for us (the
+Savannah hackers) and does not bring any real value.</p>
<p>That's what it is important that you tell your local system
administrator or your ISP about it. You can for example refer them to
-this page.</p>
+this page. I mean it: that's the only clean and reliable solution to
+access Savannah and other services on the Internet. You need to
+mention it to your local sysadmin so he realizes that opening outgoing
+traffic is needed, and that trying to control is ineffective and just
+a burden to his/her users.</p>
<p>Now let's see how to access our CVS services using any of those
methods.</p>
<ul><li><p>Tor (check
-http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO#head-617feae632f5e2f957b45f1b3701b3d1c0ce41b7
+http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-0ae888b56f2f45ecda014dfc163a0dc0502b664d
for more information). This method can be used to access any remote
CVS repository. Here are instructions for a Debian GNU/Linux-based
distribution:</p>
<pre>
+# Install Tor. Check http://tor.eff.org/download.html for more information
+aptitude install tor
+# Configure Tor
+cat <<'EOF' >> /etc/tor/torrc
+
+FascistFirewall 1
+FirewallPorts 80,443
+EOF
+# Restart Tor
+invoke-rc.d tor restart
+</pre>
+
+Now you should be able to use tor the easy way:
+<pre>
+export CVS_RSH=ssh
+torify cvs -d:ext:<i>username</i>@cvs.savannah.gnu.org/cvsroot/<i>emacs</i> co
<i>emacs</i>
+</pre>
+
+<p>If you don't like typing 'torify', you may want to have a look at
+http://shellscripts.org/project/toraliases</p>
+
+<p>If for some reason that doesn't work (notify us!), you can try the
+difficult way:</p>
+
+<pre>
# Get connect
wget http://www.taiyo.co.jp/~gotoh/ssh/connect.c
# Compile it
@@ -73,29 +102,28 @@
# Install it somewhere in your path
install -m 755 connect ~/bin/
# Configure SSH
-cat <<EOF >> ~/.ssh/config
+cat <<'EOF' >> ~/.ssh/config
Host cvs.savannah.gnu.org
ProxyCommand connect -S localhost:9050 %h %p
EOF
-# Install Tor. Check http://tor.eff.org/download.html for more information
-apt-get install tor
-# Configure Tor
-cat <<EOF >> /etc/tor/torrc
-FascistFirewall 1
-FirewallPorts 80,443
-EOF
-# Start Tor
-/etc/init.d/tor start
# You now can use SSH normally
export CVS_RSH=ssh
-cvs -d:ext:address@hidden/cvsroot/emacs co emacs
+cvs -d:ext:<i>username</i>@cvs.savannah.gnu.org/cvsroot/<i>project</i> co
<i>module</i>
...
</pre>
<p>If you are not root on your machine, you will need to compile Tor
-by hand, but that should not be a problem.</p></li>
+by hand, but that should not be a problem.</p>
+
+<p>We heard that some ISPs block most of the Tor nodes. If that's the
+case, the fist move is to explain your system administrator that this
+is blocking your legitimate work, and ask him/her the reason of this
+filtering (we would be pleased to know that reason as well). Last time
+a Savannah user had this kind of issue, he didn't contact the sysadmin
+and didn't even know why Tor nodes were blocked - we don't think
+that's the way to go.</p></li>
<li><p>Using cvs.savannah.gnu.org:443. Please note again that this is
a burden for us to offer this method and is not garanteed in the long
@@ -113,7 +141,7 @@
# Install it somewhere in your path
install -m 755 connect ~/bin/
# Configure SSH
-cat <<EOF >> ~/.ssh/config
+cat <<'EOF' >> ~/.ssh/config
Host cvs.savannah.gnu.org
ProxyCommand connect -H <i>proxyhost</i>:<i>proxyport</i> %h %p
@@ -127,17 +155,39 @@
<pre>
# Create a wrapper, in your path
-cat <<EOF > ~/bin/sshwrapper
+cat <<'EOF' > ~/bin/sshwrapper
#!/bin/sh
exec ssh -p 443 $*
EOF
# Give it executable permissions
chmod 755 ~/bin/sshwrapper
+
# You now can use SSH with sshwrapper
-export CVS_RSH=sshwrapper
-cvs -d:ext:address@hidden/cvsroot/emacs co emacs
+export CVS_RSH=~/bin/sshwrapper
+cvs -d:ext:<i>username</i>@cvs.savannah.gnu.org/cvsroot/<i>project</i> co
<i>module</i>
...
</pre>
</li></ul>
-<p style="font-size: smaller">Update $Date: 2005/12/13 21:49:14 $</p>
+<p>If that doesn't work, try typing:</p>
+
+<pre>
+# Tor
+$ <b>~/bin/connect -S localhost:9050 cvs.savannah.gnu.org 443</b>
+SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
+<b><i><Ctrl+d to exit></i></b>
+</pre>
+
+<pre>
+# HTTPs Proxy
+$ <b>~/bin/connect -H <i>proxyhost</i>:<i>proxyport</i> cvs.savannah.gnu.org
443</b>
+SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
+<b><i><Ctrl+d to exit></i></b>
+</pre>
+
+<p>If you don't see the the remote SSH version after a few seconds, then
+there's a problem; please note any error message and contact us if you
+can't fix your configuration.</p>
+
+
+<p style="font-size: smaller">Update $Date: 2005/12/17 11:00:07 $</p>