1) SSH with WinCvs 1.0.x and 1.1.x step by step
Following are a list of steps to set up WinCVS 1.0.6 (1.1 beta difference is indicated in parenthesis) to use ssh that assume no UN*X knowledge. You will, however, need to know the name of the CVS server machine (called “cvs-server-host” here) and have an account (“username” here) on it. Also, you’ll need to know the name of the module you’ll be working with.
Step1) Get SSH from ftp://ftp.ssh.com/pub/ssh/
Get the newest win32-version of SSH 1. Do not get a version
that begins with a “2”! If you don’t have the
cygwin dll’s or don’t know what they are the file you should
get is ssh-1_2_14-win32bin.zip. If you do use cygwin get
whatever version you want, but this text will assume the
1.2.14 version, not tested with any other version.
Step2) Install the ssh client.
To do this you should extract the client-archieve to
whatever location you want, e.g. C:\PROGRA~1\SSH
Step3) Make a few environment changes.
SSH needs two environment variables to work properly:
HOME and PATH
The first (HOME) will set an environment variable for ssh to
find your encrypted identity key. The second (PATH) needs
to be updated to include ssh.
For Windows 95/98, modify your AUTOEXEC.BAT file to include
the following two lines:
SET HOME=C:\PROGRA~1\SSH
SET PATH=%PATH%;C:\PROGRA~1\SSH
Restart your computer for this to take effect.
For Windows NT, open Start->Control Panel->System->Environment
Add a variable HOME with the value C:\PROGRA~1\SSH.
(If you want you can choose another directory, such as a
home-directory for your private files.)
Next, find the PATH variable. Add to it your SSH installation
directory, e.g. C:\PROGRA~1\SSH
(directories are separated by ‘;’ ).
Step4) Test the SSH installation
Start an MS-DOS shell, and try to connect using ssh.
“username” must be a valid UN*X shell account on the
“cvs-server-host”
ssh -l username cvs-server-host
You should be prompted for the username’s password for
cvs-server-host.
If not, your setup is wrong. Go back. Fix it.
Step5) Setup CVS for password-less usage
If you want to enter a password every time you do any CVS
action, skip this step. Trust me, you don’t want to skip it.
Make a directory called “.ssh” (DOTssh that is) in the
directory you specified as HOME. (If you don’t have an MS-DOS
prompt (Win M.E.), you’ll have to figure out how to make a
directory called “.ssh” — then tell me.) Enter an MS-DOS prompt and
type the following:
mkdir C:\PROGRA~1\SSH\.SSH
cd C:\PROGRA~1\SSH
ssh-keygen -C <comment> -f ./.ssh/identity
<comment> is an identifier placed in the public key
(use your email address). Just press enter when it asks
you for a passphrase. You don’t want a passphrase.
Now you need to set up the server to accept your keys.
Run the secure copy command to send the identity.pub key
to the server:
scp ./.ssh/identity.pub username@cvs-server-host:identity.pub
Then login to the server using the ssh command:
ssh -l username cvs-server-host
Now type the following commands into the SSH session
(it’s OK if the first command may complain that .ssh exists):
mkdir .ssh
cat identity.pub >> .ssh/authorized_keys
chmod go-rwx .ssh/authorized_keys
rm identity.pub
logout
Go back and try the previous step again; now it should log
you in with no password. If it asks for a password, try adding ‘-v’
before the ‘-l’ and read the logs it prints.
NOTE: Without the -C option the program will fail and you won’t
get a new key pair.
Step6) Configure WinCVS to use SSH.
Start WinCVS, and open the preferences dialog. Under the “general”
tab, set your CVSROOT to username@cvs-server-host:/path/to/cvsroot
Set authentication to: SSH server (WinCvs 1.1.x : set the Home directory
under the “WinCvs” tab to point on C:\ssh)
Step7) Test WinCVS setup.
CvsAdmin->Checkout module… and choose a directory on your
hard drive to use to store the data file. (I call mine CVSROOT.)
After picking, WinCVS will ask which module you want to checkout.
You need to know that yourself. After OKing, the lower, text window
of WinCVS should fill with log messages indicating a successful
checkout.
2) Notes about OpenSSH/Cygwin with WinCvs 1.1
You need to install Cygwin for Windows. Latest Cygwin has OpenSSH bundled with it.
In the Preferences tab of WinCvs, set the authentication to “ssh” and use ssh-keygen (From the Cygwin shell) in order to generate an identity key. Then set in the WinCvs preference tab the RSA identity to point on your identity RSA key (let say C:\cygwin\home\alexp\.ssh\identity). Enter no passphrase when creating the key (this way cvs won’t prompt for one).
You’re ready to use ssh. Don’t login, just try out a cvs command. If it doesn’t work, try to login manually using ssh (see above).
3) Notes about OpenSSH/Cygwin with cvs.exe in a dos command
You need to install Cygwin for Windows. Latest Cygwin has OpenSSH bundled with it.
I set-up ssh to connect without a password to my cvs server “cvs.3d.com” (it
uses my private key, and the public key is on the server in
“~/.ssh/authorized_keys”). The machine from which I connect is named
“mymachine”. The server has sshd running on it.
mymachine > ssh cvs.3d.com
Last login: Tue Aug 15 18:57:40 2000 from
cvs.3d.com > exit
Connection to cvs.3d.com closed
Now I can try :
mymachine > set CVS_RSH=ssh
mymachine > set CYGWIN=binmode
mymachine > set CVSROOT=:ext:[email protected]:/cvsroot
mymachine > cvs co -c
This command issue internally : “ssh -l alexp cvs.3d.com cvs server”
As usual, if something get bad, add the -v option to the previous command.
4) Using OpenSSH/Cygwin with WinCvs, the TCP forwarding method
-
- Read the previous note prior of reading this.
You can use the TCP forwarding capability of ssh. In order to use the TCP forwarding, issue something like :
mymachine > ssh -L 2401:cvs.3d.com:2401 cvs.3d.com
And now I can set-up my CVSROOT to pserver and alexp@localhost:/cvsroot.
WinCvs connects to mymachine, but is routed immediatly by ssh inside the
secure tunnel until the real destination : cvs.3d.com port 2401 (pserver).
5) Accessing the repository accross a firewall using OpenSSH/Cygwin
-
- Read the previous note !
The theory is to have ssh forwarding the pserver port on the client to the firewall,
then from the firewall to the server.
You need (on the firewall) to issue :
myfirewall > ssh -L 2401:cvs.myserver.com:2401 cvs.myserver.com
Then you do the same on the client :
mymachine > ssh -L 2401:myfirewall.3d.com:2401 myfirewall.3d.com
Now you set-up WinCvs as described previously.
6) Accessing the repository accross a firewall using teraterm/TTSSH
To access the CVS server from outside a firewall, you will use SSH to create
a secure connection from your client machine to the SSHD on the firewall.
Using port forwarding, SSH will grab any WinCVS traffic and send it over the
secure connection. SSHD on the firewall will decrypt the traffic and forward
it to the appropriate server.
This document assumes you already have WinCVS configured, and that you have
an account on a firewall running SSHD. If you already have RedHat, Mandrake,
or some other RPM-compatible OS on your firewall, SSHD can be found and
easily installed from http://www.rpmfind.net
Configuration Instructions
Download teraterm from
http://hp.vector.co.jp/authors/VA002416/teraterm.html
and the ssh extensions from
http://the.wiretapped.net/security/cryptography/ssh/TTSSH/
Install TeraTerm with the defaults, then unzip ttssh into the same directory
that TeraTerm was installed into. You’ll get several executables, including
ttermpro and ttssh. ttssh is the one we want. Add the icon to a toolbar or
the desktop probably, because you’ll need it a lot.
Config info:
Start ttssh, and hit cancel for the first dialog box. Click Setup then
TCP/IP. Remove all of the entries, then add the IP for your firewall,
uncheck Telnet and Auto Window Close, and check History.
Next, Click Setup then SSH Forwarding. Click Add. “Forward Local Port” radio
button should already be selected. For CVS, put 2401 into “Forward Local
Port”, the IP name of your CVS server into “to remote machine”, and 2401
into “port”.
Finally, Click Setup then Save Setup.
Now click File then New Connection. You should see the firewall IP. Choose
SSH for the service, then click Okay. Assuming a valid account on the
firewall, supply your uid and password, and you’ll get an SSH session. This
needs to stay running as long as WinCVS is open. If this is your first time
to connect to the firewall with SSH, a dialog box will pop up asking if you
want to add an entry for this server. Do this. Dismiss any messages about
non-existent files. Do a “netstat -a” from a command prompt and look for
“listening” on port 2401 to verify you are connected.
Next, start WinCVS. You need to make one change to an existing config: Click
Admin then Preferences. Change CVSROOT to say localhost instead of your CVS
server name. Example:
jsmith@localhost:/home/cvs
Should work like magic from there. This same setup is useful for other
services such as ftp, vnc, and netbios using different ports. NOTE: I
haven’t tested this with private network behind a firewall. Also, SSHD on
your firewall may be configured to timeout after an interval, and WinCVS
will not necessarily give you a helpful error when the connection dies.