CVS through SSH

This How-to is aimed at developers who have been granted committer access to CVS repositories for particular projects.

Using SSH to access CVS repositories is recommended for security reasons. By configuring CVS to work with remote repository using private/public SSH keys you'll be able to run CVS commands without a need to enter your password every time you need access to CVS through SSH.

• Account on the local machine.
• Commiter access to the project(s). This also imply having account on the CVS host machine.
• Cygwin - a Unix environment for Windows systems. You can get it here. Not required for Linux/*nix users.
• A CVS GUI application (for Windows users only), e.g. WinCVS. It is not required, but can be very useful.

How to proceed.

Terms

SSH

Secure Shell. See OpenSSH

CVS

Concurrent Version System See CVS Home Page

Setting up domain users

If you are a domain user then you should be added to Cygwin users list (See [cygwin-dir]/etc/passwd).

• Start Cygwin, then enter following commands:

$ whoami
administrator
$ mkgroup -d > /etc/group
$ mkpasswd -d | grep 'userxxx' >> /etc/passwd
$ exit
    

• Start Cygwin/shell again and check that everything's Ok:

$ whoami
userxxx
            

Setting up SSH access

Start Cygwin/shell, then enter:

$ ssh-user-config
  Shall I create an SSH1 RSA identity file for you? (yes/no) no
  Shall I create an SSH2 RSA identity file for you? (yes/no)  (yes/no) no
  Shall I create an SSH2 DSA identity file for you? (yes/no)  (yes/no) yes
  Generating /home/userxxx/.ssh/id_dsa
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Do you want to use this identity to login to this machine? (yes/no) yes
  Adding to /home/userxxx/.ssh/authorized_keys2
  
  Configuration finished. Have fun!
    

Now you have configured SSH on your machine. Next you have to setup access to the CVS machine.

Setting up passphrase access

Perform the following:

$ scp ~/.ssh/id_dsa.pub userxxx@cvs.apache.org:.
$ ssh -l userxxx -L 2401:localhost:2401 cvs.apache.org
% mkdir ~/.ssh
% chmod 700 ~/.ssh
% cat ~/id_dsa.pub >> ~/.ssh/authorized_keys2
% rm ~/id_dsa.pub
% chmod 600 ~/.ssh/*
% exit            
            

Check that your configuration is correct:

$ ssh userxxx@cvs.apache.org
            

If now you are logged in to the to the CVS machine without entering the password then everything's Ok.

Getting the project from CVS

Now you are ready to get a project from CVS using SSH connection.

E.g. how it is done using Cygwin/shell

$ export CVS_RSH=/bin/ssh
$ cvs -d :ext:userxxx@cvs.apache.org:/home/cvs co xml-cocoon2            
            

How to setup WinCVS

• Add ssh.exe directory to your system PATH environment variable. Say:
  C:\>set PATH=%PATH%;C:\cygwin\bin
• Add CVS_RSH=ssh environment variable

Start WinCVS, then:

• From the main menu select Admin
• Then select Preferences
• In the dialog that comes up:
  Set the CVSROOT to userxxx@cvs.apache.org:/home/cvs
• Set the Authentication to SSH Server
• Click Ok

References

You can find more on CVS, SSH and WinCVS here:

• CVS Home Page
• OpenSSH
• Cygwin Home Page
• WinCVS over SSH