[LUGSB] CVS over SSH

[Charles P. Wright]

As per popular request from the meeting here are instructions on how to
use CVS over SSH.

First you need to tell CVS to use SSH instead of RSH:
Do the equivalent of "CVS_RSH=ssh" and then "export CVS_RSH".  With C
shell you'll need to use "setenv CVS_RSH ssh".

Next you need to appropriately set your CVSROOT environment variable.
The format is ":ext:$USER@$HOST/$DIR".  For example, if your username is
cwright, the cvs server is sparky, and your cvs root is in
/export/home1/c/w/cwright, you would do the following:

CVSROOT=':ext:cwright at sparky.ic.sunysb.edu/export/home1/c/w/cwright/CVSROOT'
export CVSROOT

At this point you can run cvs init, and it will prompt you for a
password.

I don't like to type passwords, so I setup SSH public key
authentication.   I don't like the idea of having full shell logins
happen automatically, so I create a key pair specific to CVS.

First you need to generate your key pair on your client machine with
ssh-keygen.  You need to specify a key type, and where the file should
go.

ssh-keygen -t rsa -f ~/.ssh/id_rsa.cvs

Will output the private key to ~/.ssh/id_rsa.cvs and the public key to
~/.ssh/id_rsa.cvs.pub.  I don't use a passphrase on the key, so that I
don't need to decrypt it before use.

I then create a small shell script that will execute ssh with this key.
[cwright at arcticfox cwright]$ cat ~/.bin/sshcvs
#!/bin/sh
 
exec /usr/bin/ssh -i /home/cwright/.ssh/id_rsa.cvs $*

On the server you need to have an authorized key entry in
~/.ssh/authorized_keys.
Mine looks like:
command="cvs server" ssh-rsa [snip] cwright at dhcp20.fsl.cs.sunysb.edu

The line is simply the contents of your .ssh/id_rsa.cvs.pub, prepended
with command="cvs server".  This means that no matter what command the
client wants to execute, "cvs server" is executed instead.

Then I set my CVS_RSH to sshcvs, this way CVS uses the wrapperinstead of
normal ssh.  Goodbye passwords.

Chip