The basic way of using CVS with SSH is the way Unixites do it: on the command line.

To use SSH you must tell CVS that it should use an external program (ext) to connect to the repository. This is done by adding the term :ext: in front of the CVS root path.

After this, you also must tell CVS the command which is used to connect to the repository by setting the CVS_RSH environmental variable. It defaults to using rsh, which is a non-secure connection method.

If you're using a Bourne shell variant (sh,bash,ksh,zsh), say the following magic chant:

export CVS_RSH=/usr/bin/ssh
export CVSROOT=:ext:myname@cvs.mycompany.com:/path/to/cvsroot

or with CSH-based shells:

setenv CVS_RSH /usr/bin/ssh
setenv CVSROOT :ext:myname@cvs.mycompany.com:/path/to/cvsroot

and with Windows:

set CVS_RSH=C:\ssh\bin\ssh
set CVSROOT=:ext:myname@cvs.mycompany.com:/path/to/cvsroot

where

  • /usr/bin/ssh or C:\ssh\bin\ssh is the path to your ssh client software
  • myname is your user name on the computer that holds the repository
  • cvs.mycompany.com is the name of the computer that holds the repository
  • /path/to/cvsroot is the physical location of the CVS repository on that computer.

Getting rid of the password query#

After a while, you'll become annoyed at having to give your passphrase every single time you use CVS. This is when you create yourself an SSH identity, which tells that you can log in without a password.

On your friendly UNIX machine that you use for software development (and where you run SSH on), write the following:

ssh-keygen

Hit return when asked for a pass phrase to get an empty passphrase. You have now created two files in your $HOME/.ssh directory: identity and identity.pub. The former contains your secret identity key, and the latter the public part of the identity key. You must now copy the public part of the key into the CVS computer's .ssh/authorized_keys file, so that the CVS computer knows that when someone is connecting using that particular identity key, it is okay to let them in without a password.

IMPORTANT: Now ANYONE who has access to your secret identity key can access the CVS computer without a pass phrase. So DO NOT LEAVE THE IDENTITY -file lying around on computers you don't trust.

On Windows computers this is a bit more complicated, since not all SSH clients allow you to create a identity key pair. In that case, log in onto the CVS computer and create a key pair there (via ssh-keygen). Then, copy the identity file onto your PC (to C:\.ssh\ or $HOME\.ssh\) and add the identity.pub file into .ssh/authorized_keys onto the CVS computer.

"It just doesn't work!"#

Check that remote commands work in general. Try something like

> ssh you@somehost 'ls -al'
If you don't get your home directory's listing, something is wrong. One possibility is a buggy or badly configured user shell, which doesn't get the right path when invoked non-interactively. (ebu has encountered at least one bash version that refused to co-operate. Switching to just about any other shell fixed the problem.)

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-5) was last changed on 23-Feb-2002 02:48 by 194.100.207.178