Re: CVS Server configuration.

[Mark Priest]

Vijay,

On the client side I am using WinCVS and Tortoise CVS with ssh public key
authentication.  I am using the putty plink.exe command line client to
obtain the SSH connection with CVS.  I just need to set the path to the
private key and specify plink.exe as the rsh executable in WinCVS.

I tried attached detailed instructions in an attached zipped Word file
but the list ate it. :)  I will summarize below.

I am using OpenSSH on the server-side not SSH2 so I can't help out too much
with that.  The O'Reilly book "SSH, the Secure Shell: The Definitive Guide"
(see http://safari.oreilly.com/0596000111) is an excellent source for how
to set up sshd with SSH2.

Basic Configuration
Project contributors have access to the repository using the secure shell
protocol (SSH) for the purpose of interacting with the CVS repository only.
Only the SSH2 protocol with RSA public keys can be used to access this
server. Password access has been disabled and SSH accounts are not
allowed shell account access for interactive sessions. This is, of
course, for security reasons. Each project contributor has an account
on the server for the purpose of using CVS.

SCM Server Configuration:
OS: Windows XP Professional with cygwin
CVS server: cygwin CVS server port
ssh server: cygwin openssh port (using SSH2 mode with 1024 RSA bit keys)


Recommended Environment

There are two basic configurations that can be used for accessing the
CVS repository. For those who are comfortable with Unix-style command-line
clients for CVS and ssh the recommended approach is to use cygwin for
these purposes. For those who want to use a Windows graphical application
the recommended setup is WinCVS and TortoiseCVS for CVS and Putty for
ssh.


The CVSROOT should be set as follows:

Unix-style CVSROOT :ext:address@hidden:/cvs
Windows CVSROOT  :ext:cvssession:/cvs

The recommended clients are discussed below.

Windows Graphical Client Setup

In order to setup your machine for CVS access using Windows graphical
clients the following products must be downloaded, installed, and
configured.

Putty ssh client
Plink ssh command-line client
PuttyGen key generator
WinCVS cvs client
Tortoise CVS Explorer Shell extension (very cool!)

Step 1. Download Putty, Plink, and PuttyGen client programs

download from http://www.chiark.greenend.org.uk/~sgtatham/putty/

These programs are all executables and can be run immediately without
the need for installing. If Windows complains when you run these make
sure you use the FTP download since I have had difficulty using the http
download from IE.

Step 2. Create a public/private Key Pair using PuttyGen

Run the puttygen.exe executable
Set the radio buttons on the bottom to SSH2 RSA and click the Generate
button. You will be prompted to randomly move the mouse around

Click on Save private key and choose a location for the key that is
secure. You will need to remember the location of this key file for a
later step. You will be prompted for a pass phrase when you do this.
I recommend not using a pass phrase and saying "Yes". This makes it
easier to use CVS with the ssh method. This is secure as long as
nobody else can physically access your machine to use your key.
If you want to use a pass phrase for extra security then the private
key will be encrypted with that pass phrase and nobody can use it
without supplying the pass phrase. You can still avoid constantly
typing the pass phrase by downloading and configuring the Pageant
SSH authentication agent but you are on your own :)

Step 3. Set up public key on server account
Specific to SSH2
For SSH2, you need to edit two files, one on the client machine and
one on the server machine. On the client machine, create or edit the
file ~/.ssh2/identification and insert a line to identify your private
key file: IdKey id_dsa_1024_a
On the server machine, create or edit the file ~/.ssh2/authorization,
which contains information about public keys, one per line. But
unlike SSH1's authorized_keys file, which contains copies of the public
keys, the authorization file lists only the filename of the key:
Key id_dsa_1024_a.pub
Finally, copy id_dsa_1024_a.pub from your local machine to the remote
SSH2 server machine, placing it in ~/.ssh2.

Regardless of which SSH implementation you use, make sure your remote
SSH directory and associated files are writable only by your account.


Step 4. Establish a saved Putty Session and attempt to connect to your
account


You should use the Putty client to establish a saved session to access
the account.

Run the putty.exe executable

I recommend saving your session as cvssession so that the CVSROOT given
above will work as is. There are three screens that you need to go to in
this dialog to set up the session.

First type the name of the session in the Saved Sessions textbox and hit
the Save button. Don't hit the Open button until you are ready to test
the connection since this will prevent you from saving. This is just an
annoying feature of Putty.

Enter the IP address of the CVS server in the Host Name box
Select the ssh protocol
Next go to the tree on the left and select the Connection node

Enter your cvs user name in the Auto-login username textbox

Next go to the tree on the left and select the Connection/SSH/Auth node

Hit the browse button and select your private key file.
(Don't Hit Open!!!!) Go back to the Session node and click on Save to
save the session.

Now click on the Open button to test the connection.
If this is the first time you have connected you will receive a
warning saying this host key is unknown to you. You can say OK and it
will be added to a list of known host keys. If you are paranoid you
should check the fingerprint value for the server and make sure that
it matches the correct value.


If the fingerprint matches then click Yes.

You should see a window with the following message if you are able to
access your account

Using username "username"
Authenticating ewith public key ...
Server refused to allocate pty

The username and key comment will be different. The pty message is normal
and occurs because your account is not permitted shell access.

Close the window to end the session Your session is actually saved in
the Windows registry at
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions.
You can also go to the SshHostKeys key if you need to delete a cached
server host key.

Step 5. Download and install the WinCVS client

Download the client from http://www.wincvs.org/

I recommend using the stable 1.2 version. The download is a zip file
that must be unzipped to yield a standard windows installer that you
should use to install WinCVS.

Step 6. Configure WinCVS

You start WinCVS from the Start menu like a typical Windows app.
There are only a few things to configure here.

Select Admin | Preferences from the main menu

There are two screens to configure in these tabs.
Set the CVSROOT to :ext:cvssession:/cvs
Set the Authentication to SSH Server

Select the RSA identity radio button and hit the ellipsis button to
browse to where you have saved your private key file.

Next click on the Ports tab

Click the check box next to "Check for an alternate rsh name" and
enter plink.exe. Note that this assumes you have added the location
where you installed plink to your system path. This is handy because
then you can test your ssh connection by typing
"plink cvssession" at the command line.

You are now finished configuring WinCVS.


Step 7. Download and install TortoiseCVS

This step is not strictly necessary but the integration this product
offers with Windows Explorer is well worth the extra step.

Download TortoiseCVS from http://www.tortoisecvs.org/

I recommend using version 1-2-2. The download is an installation
program that you can run as usual.

There is not much to configure here.

Select Preferences from TortoiseCVS off the start menu and go to the
"Quirky" tab
Make sure that the Unix compatibility check box is unchecked.

This product integrates with Windows Explorer and lets you do CVS
client operations from Explorer. If you click on file properties you
can look at the neato revision history graph and version information
there.


There are a couple of free external diff tools that work with TortoiseCVS.
They are Examdiff http://www.prestosoft.com/ps.asp?page=edp_examdiff
and WinMerge http://winmerge.sourceforge.net/. I prefer Examdiff but
both are exellent tools. They can be added as the external diff tool
through the Main tab on the TortoiseCVS preferences dialog.

Step 8. Checkout Projects from the CVS Repository

If you have never used CVS before I recommend first checking out the foo
project since there is no harm that can be done there.
You can't really screw up too bad with CVS but like all things from
Unix it will do exactly as you say, which may not be what you mean.
It is also unlikely to prompt you for actions.

Check out the foo project using WinCVS (You cannot use TortoiseCVS for
this but you can for everything else)

Unfortunately there is no graphical way to checkout projects using
WinCVS because it does not gracefully support SSH. You will need to
checkout projects using the command line option at Admin | Command Line.
To check out the foo project you would do as follows:

Enter the command

cvs -d :ext:cvssession:/cvs checkout foo

Use the Change folder button to specify the parent directory for where
you want the foo root to show up.

After you hit OK you should see something similar to the following output
in the textbox at the bottom of the screen if everything went well:

cvs -d :ext:cvssession:/cvs checkout foo (in directory C:\bowl)
cvs server: Updating foo
U foo/bogus.c
U foo/bogus.h
U foo/newjunk.c
U foo/readme.txt

*****CVS exited normally with code 0*****

You can now begin using the foo project. You can checkout other projects
with the same command but change the last argument to the name of the
appropriate project.

Cygwin Setup

If you choose to install cygwin then follow these steps:

Download cygwin from http://www.cygwin.com/
There are detailed instructions on the site for how to install cygwin.
Be sure to select the packages for OpenSSH and cvs (and probably vim)
when you do the install.

Configure ssh
You should tun the script "/usr/bin/ssh-user-config" to configure your
account. This should create your public/private key pairs for you.
If not you can run ssh-keygen to do that. The ssh client will look in
the default location for those keys so you should not have to do
anything special.

Setup environment

You should set the following environment variables in .bash_profile

CVSROOT        :ext:address@hidden:/cvs
CVS_RSH        ssh

Test your ssh connection

type "ssh address@hidden" at the command prompt. You should receive
a message saying that no tty can be allocated but the key should be
accepted.

Since your CVSROOT is set you should not need to specify it when checking
out projects. So in the proper parent directory you just need to type
"cvs checkout foo" to checkout the foo project from the repository.

Next Steps

There is an open source project by the author of TortoiseCVS that
integtrates directly with the Visual Studio. I have been unable to get
this to work for me, however, after much effort. Personally, the
combination of WinCVS and TortoiseCVS is more than enough for my
purposes. If you are interested the Visual Studio plugin can be
downloaded from http://cvssccplugin.sourceforge.net/

-Mark


> ----- Original Message -----
> From: "Dewey M. Sasser" <address@hidden>
> To: <address@hidden>
> Sent: Tuesday, July 08, 2003 2:47 PM
> Subject: Re: CVS Server configuration.
>
>
> > "Vijay Kumar" <address@hidden> writes:
> >
> > > I am running RedHat ES 2.1 with cvs-1.11.1p1-8.7
> > >
> > > I have been trying to setup a CVS Server with SSH2 for a very long
time.
> > > The latest link I tried to follow is : http://ioctl.org/unix/cvs/
> > >
> > > Please can anyone guide me to another link or give me some tips on the
> same
> > > ?
> > > I know its not a difficult task to do the same.
> >
> > > I need some tips on server side setup + client side setp - using
WinCVS
> 1.2
> > > Some links say CVS_RSH has to be on the server in the /etc/profile
file,
> > > some say it should be set on the client side - Windows box. I have got
> > > confused after reading a lot of stuff about all this.
> > > Preferably, I dont want to change the client as the users are already
> used
> > > to using WinCVS.
> >
> > I've been running an SSH environment using cvs command line (cygwin
> > and Linux), WinCVS and TortoiseCVS to a Debian based CVS server.
> >
> > 1) Get your SSH configuration working *before* you throw CVS into the
> >    mix.
> >
> > 2) I believe WinCVS has a configuration parameter for what shell
> >    program to use, so you don't have to set CVS_RSH.  In any case, it
> >    would be on the client side.  I don't use WinCVS -- I just
> >    troubleshoot it :)
> >
> > 3) I've never gotten the cvs.exe binary that came with WinCVS to work
> >    with SSH.  Dropping in the binary from the TortoiseCVS distribution
> >    seems to do the trick.
> >
> > 4) All clients have to have an account they can shell into on the
> >    server side.  CVS server is started by the CVS client shelling to
> >    the server and executing "cvs server".  There is no separate server
> >    executable to run on the server side (other than SSHD of course).
> >
> > 5) (Advanced, Warning) If you try to mix-and-match sandboxes between
> >    cygwin cvs.exe and on of the native windows ports the "binaryness"
> >    of the cygwin mount will affect you.  CVS is not forgiving of extra
> >    ^M characters in its book-keeping files.
> >
> >
> > --
> > Dewey M. Sasser
> > address@hidden
> > ---
> > The price one pays for pursuing any profession, or calling, is an
intimate
> > knowledge of its ugly side.
> > -- James Baldwin
> >
> >
> >
> > _______________________________________________
> > Info-cvs mailing list
> > address@hidden
> > http://mail.gnu.org/mailman/listinfo/info-cvs
> >
>