Next: Conclusion Up: Using CVS to Administer Previous: Extended Architecture   Contents

Security Issues

Ideally, archives should be on a remote machine. This has a number of advantages, including: insurance against disk failure on the server; the ability to have a central repository for all configurations; and, using the extended architecture, the ability of users and scripts to edit configuration file(s) off the server.

If a remote archive is to be used, then critical server configurations are to be passed across a network, and it is crucial that this be done in a secure fashion. There are a number of different methods of accessing CVS remotely, with varying degrees of functionality and security attached.

The default remote access mechanism for CVS, pserver, provides a high level of functionality: it is session based, and once authenticated, operations can be performed without the need for additional authentication. Unfortunately, in its native state it could well be described as insecure. This is not a problem for anonymous CVS servers or for a CVS repository in a secure environment. The system developed here is, however, intended to be run in the hostile environment in which servers at an ISP operate.

The port redirection functionality of SSH can be employed to provide an encrypted pipe across which CVS can operate. Alternatively, PPP can be run over SSH to provide a secure tunnel between servers and the repository. Both of these solutions are reasonably high maintenance, as the SSH tunnel or pipe needs to be maintained. Depending on firewall restrictions, an insecure connection may also be possible, and go undetected, when the SSH link goes down, as is its wont.

The preferred solution to my mind is to use ssh as the transport agent for CVS. This does require authentication for each transaction, resulting in increased overhead. This can be minimised by ensuring that transactions such as commits and adds are grouped rather than initiating a separate transaction for each file. This is more an implementation issue than a technical barrier. Also, RSA keys with null pass phrases can be used to enable secure authentication without the need to enter passwords or pass phrases.
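The following added example (not part of the original document) shows one way to enforce ssh as the only CVS transport and to group files into a single commit, so that a dropped tunnel or a stray pserver root cannot silently result in an unencrypted session. The function names, host name and repository path are hypothetical; `CVSROOT`, `CVS_RSH` and the `:ext:` access method are standard CVS.

```shell
#!/bin/sh
# Added example: refuse any CVS transport other than :ext: over ssh.
# Usage (constructed host and path):
#   CVSROOT=:ext:admin@repo.example.net:/var/cvs CVS_RSH=ssh \
#       commit_grouped "update DNS and hosts" named.conf hosts

# check_transport CVSROOT CVS_RSH
# Returns 0 only if the root uses :ext: and the remote shell is ssh.
# On refusal, prints the reason on stderr and returns 1.
check_transport() {
    root=$1
    rsh=$2
    case $root in
        :pserver:*)
            echo "refused: pserver root, traffic would not be encrypted" >&2
            return 1 ;;
        :ext:*:/*) ;;
        *)
            echo "refused: CVSROOT must look like :ext:[user@]host:/path" >&2
            return 1 ;;
    esac
    # Older CVS releases fall back to rsh when CVS_RSH is unset,
    # so an explicit ssh setting is required here.
    case ${rsh##*/} in
        ssh) return 0 ;;
        *)
            echo "refused: CVS_RSH must be ssh (got '${rsh:-unset}')" >&2
            return 1 ;;
    esac
}

# commit_grouped MESSAGE FILE...
# Commits all files in one cvs invocation, so ssh authenticates once
# for the whole set rather than once per file.
commit_grouped() {
    msg=$1
    shift
    check_transport "${CVSROOT:-}" "${CVS_RSH:-}" || return 1
    [ "$#" -gt 0 ] || { echo "no files given" >&2; return 1; }
    cvs -q commit -m "$msg" "$@"
}
```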

Finally mechanisms such as Kerberos and the SSL library can be employed to provide secure connections to the repository. I have had very little experience with these methods and will not comment any further on their use.



1999-02-04