HOWTO - cvs-over-ssh

This is a quick HOWTO that explains how to use cvs over an ssh connection for UNIX and Windows, and specifically how to connect to the ecoinformatics.org cvs server. I assume that you have a strong knowledge of cvs and ssh already, and so this document simply points out the steps to use the two together.

Here are some common cvs commands that you'll want to learn about in order to effectively use cvs:

• cvs checkout -P
• cvs update -d -P -A
• cvs commit
• cvs log
• cvs status
• cvs diff -u

OVERVIEW

In both the UNIX and Windows cases, you must have cvs installed and available on a remote server (in our case, cvs.ecoinformatics.org), the ssh server installed on that same machine as cvs (we do!), and the ssh and cvs clients installed on the local machine. You must also have an account on the server (cvs.ecoinformatics.org) that allows access to the cvs repository files.

Make sure that ssh is set up correctly and that you can connect using your ssh client. You can choose to simply use password authentication, in which case you'll need to type in your password for each and every cvs command you issue. Alternatively, you can create an RSA key (identity and identity.pub) on the ssh server (use ssh-keygen), appending the resulting public key (identity.pub) to your "authorized_hosts" file, and copying the resulting private key (identity) to your client machine. If you create a key with no password, you will be able to use the cvs commands without having to type a password each time. Paranoia levels vary, so only do this if you understand and are comfortable with the security risks that it poses.

UNIX

1. Request an account on the cvs server (cvs.ecoinformatics.org) by sending an email to "jones@nceas.ucsb.edu" with your Name, email, institution, and modules to which you are requesting write access. We will create an account for you and check with the module owner about granting write access to that module.
2. Make sure that your identity and identity.pub keys are in ~/.ssh Specifically, put identity on your client machine and append identity.pub to the end of your "authorized_keys" file on the CVS server (usually in your ".ssh" directory) (differs slightly for ssh2)
3. Add the bin directories for ssh and cvs to your PATH in your SERVER startup files (that is, on cvs.ecoinformatics.org). For example, for cshell you would add "set path = ($path /opt/ulysses/bin /opt/ulysses/gnu/bin)" to your ".cshrc" file in your home directory on cvs.ecoinformatics.org
4. setenv CVS_RSH ssh (and add it to your startup files like .cshrc)
5. setenv CVSROOT :ext:username@cvs.ecoinformatics.org:/cvs (obviously, substitute the right information for your username and site!) By setting the connection protocol to "ext" we tell cvs to use RSH, and the CVS_RSH environment var tells cvs to use ssh as the external rsh program

Try it! cvs checkout test
Some other information on setting up cvs over ssh for UNIX is at: http://forum.swarthmore.edu/~sasha/tech/cvs-unix-ssh.html

WINDOWS

We use WinCVS ( http://www.wincvs.org) as our current graphical CVS client, and have successfully set it up to use ssh1 authentication. This description is largely based on the WinCVS FAQ section on the same topic contributed by Patrik Sundberg. I would recommend WinCVS 1.3beta6 or later (it gets easier to set up ssh with each version of WinCVS), but I have also made it work successfully with versions 1.2 and 1.0.6. Other Windows CVS clients may also work over ssh, but I haven't figured it out. If you determine how to set it up for others (e.g., jCVS), please mail me and I'll add the information.

1. Install a commandline ssh, which is most easily done by installing the Cygwin tools (http://www.cygwin.com). Openssh comes with Cygwin, so you should be have everything you need.

   Note: Although I tried several ssh clients, including SecureCRT, I was only able to get this to work with openssh as part of cygwin and the free client for win32 (doesn't handle ssh2 though). Get it at:
   ftp://ftp.cs.hut.fi/pub/ssh/contrib
   Get the newest win32-version of ssh1 (I used ssh-1_2_14-win32bin.zip).

2. If you are going to use password authentication (see above), you can skip this step. Generate an identity and identity.pub using ssh-keygen. Configure ssh so that it will use the identity when logging into cvs.ecoinformatics.org (see the standard ssh documentation). This generally involves making sure that your identity.pub key has been appended to the end of your "authorized_keys" file on the cvs server. (usually in your ".ssh" directory)

3. Make a few environment changes. , either by modifying the autoexec.bat file (Windows 95/98) or by using the system control panel (Windows NT).

   Add the directory that contains ssh.exe to the PATH variable - the PATH variable should already exist.

   CVS_RSH=ssh Set the environemnt variable CVS_RSH to the value "ssh"

4. Configure WinCVS.
   Set up your CVSROOT in CVS-Admin->preferences->general this should be of the form: username@cvs.ecoinformatics.org:/cvs Set authentication to: SSH server Set the SSH configuration options to point at your identity key

Try it (see the checkout command above)! Note that when you issue a cvs command, if your identity file has a password, a DOS window will show up in the background and ask for the password. Until you provide it, WinCVS will just sit there and wait, apparently doing nothing (except waiting for you!).

That's about it.

jones@nceas.ucsb.edu 21 November 2001