For security reasons, developer access on cvs.NetBSD.org has been restricted to the following commands: This allows you to use CVS (CVS in client/server mode invokes cvs server on the remote side to do its processing). This allows you to change your password interactively. Remember that you have to use ssh -t so that your password does not get echoed on the screen. This feature currently serves no purpose. This allows you to set your initial Kerberos password. Remember that you have to use ssh -t so that your password does not get echoed on the screen. This command allows you to manage your .ssh/authorized_keys file using RCS. You can feed it a new authorized_keys on stdin, and it will store the old file using RCS, and then install the new set of keys. It should be invoked as ssh cvs.NetBSD.org update_my_keys, with the new authorized_keys file passed to it on stdin. It will not accept null input (deletion of all keys) unless it is invoked as update_my_keys -d. Because there is a limit of line length on UNIX tty driver with line-editing enabled, it is safe to do stty -icanon to disable line-editing before invoking update_my_keys. Don't forget to re-enable line-editing by doing stty icanon in such a case. If you make an error, you can ask the admin group to restore an older authorized_keys file for you. But because a restoration request needs to be signed by PGP, you must commit your PGP key to the repository before doing update_my_keys. This command requires rsync 2.5.6 or newer. It allows you to run rsync in daemon mode over an SSH connection. Your login shell will adjust any rsync command line to force the use of an rsync daemon configuration file that will only allow you to read /cvsroot, using module name cvsroot. So, you invoke rsync like this (for example): rsync -avS -e ssh <login>@cvs.NetBSD.org::cvsroot/src . Please note the presence of both -e ssh and ::, which are not supported by rsync before 2.5.6. This command will connect to cvs.NetBSD.org using ssh as user loginname, invoke the rsync daemon, and fetch the src subdirectory of the cvsroot module, which of course corresponds to /cvsroot/src. If you want to rsync the entire repository, take care not to sync CVSROOT/history.*.gz and CVSROOT/commitlog.*.gz unless you want to engage in historical studies. Both are currently rotated using newsyslogd, ie they change names every other day, and their sum is ~2GB.