Re: CVS + SSH under Unix and automatically use private keys
Matt McClure wrote: > > On Tue Oct 09 2001, 13:31, Paul Michali <[EMAIL PROTECTED]> wrote: > > > However, when I run cvs (command line) from a Unix client, with > > CVS_RSH set to SSH, it prompts me for my passphrase. Is there a way to > > get around this so that it just uses the private key and continues > > without prompting? > > This is really a question about ssh rather than cvs. Can you ssh from > your machine to the server without using a password? A while back, I was able to ssh to another system on our net and it would only ask for my password. Now, it asks for the passphrase. I have recently created a key pair as part of the setup for WinCVS. It looks like I'll need to read up on the SSH docs to understand the ways to set this up. Ideally, I want the security of not sending passwords in clear text, like rsh does I guess, and I don't want to have to type in my pass phrase for each and every CVS command as it is a pain. David Hoover wrote: > Or better yet, use ssh-agent. I'll check into that, it looks like it might be what I want to do. Thanks for the responses, I think I know where I need to look (and what I need to learn more about). PCM (Paul Michali) Carrier Voice Gateway Business Unit (CVGBU) Cisco Systems, Inc. 250 Apollo Drive Chelmsford, MA 01824 Phone : (800) 572-6771 x 45817 (978) 244-5817 [direct] Paging: (800) 365-4578 [voice] [EMAIL PROTECTED] [email page] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS + SSH under Unix and automatically use private keys
On Tuesday, October 9, 2001, at 05:18 PM, Matt McClure wrote: > Does your ssh key have a passphrase? If so, create a new key without a > passphrase. > > Are either of your .ssh directories (client or server) or any of the > files contained in them group- or world-readable or -executable? If so, > get rid of those permissions. Why do you want to be able to use CVS command without having to type passwords each time, yet on the other hand you seem to be concerned about security? Is it because your IDE issues multiple cvs commands by itself? Be ware of the caveat for using a private key file without a passphrase, i.e. an unencrypted private key file. An unencrypted key file is equivalent to storing a cleartext password on a plain text file. You better not have the key file store on some network file system -- not all network file system traffics are encrypted with strong encryption. If you adopt the scheme of requiring every users to setup their own unencrypted private key files, it's very difficult to assure that every single user understands the implications and configure the SSH client/server correctly and securely, unless you want to spend a lot of time "educating" your users about encryption, file systems, your particular system configuration and stuff. Moreover, a sysadmin may screw up the security without the users knowing by swapping NFS file system mounting unwittingly. For instance moving local home directories to a new harddrive using NFS mounting just because the local disk is filling up; this might unwittingly make the unencrypted private key files transported via NFS. This kind of things are very likely to happen in institutions that staff come and go. See why this is a very poor security mechanism? It would be, however, a lot safer that you put the CVS server and a SSH server behind a firewall and only expose the SSH port such that the access to CVS server must be port-forwarded through the SSH server. The SSH and CVS severs maybe the same machine, although not really recommended. This way, you only have to type in the password once when setting up the port-forwarding tunnel. You may also want to consider Kerberos. I got this working on my Max OS X, W2K, Solaris, and Linux. Jonah Tsai ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS + SSH under Unix and automatically use private keys
> Does your ssh key have a passphrase? If so, create a new key without a > passphrase. Or better yet, use ssh-agent. -- David Hoover ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
Re: CVS + SSH under Unix and automatically use private keys
On Tue Oct 09 2001, 13:31, Paul Michali <[EMAIL PROTECTED]> wrote: > However, when I run cvs (command line) from a Unix client, with > CVS_RSH set to SSH, it prompts me for my passphrase. Is there a way to > get around this so that it just uses the private key and continues > without prompting? This is really a question about ssh rather than cvs. Can you ssh from your machine to the server without using a password? If not, run ssh with the "-v" option to help debug the problem. What does it say? Does your ssh key have a passphrase? If so, create a new key without a passphrase. Are either of your .ssh directories (client or server) or any of the files contained in them group- or world-readable or -executable? If so, get rid of those permissions. -- Matt http://www.faradic.net/~mmcclure/ "I don't believe in rivalries. I don't believe in curses. Wake up the damn Bambino, maybe I'll drill him in the (behind)." -Pedro Martinez ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs
CVS + SSH under Unix and automatically use private keys
I was able to setup CVS client on my PC using WinCVS, puTTY, and SSH, such that each CVS command automatically uses my private SSH key and does the CVS command without prompting me for a password. However, when I run cvs (command line) from a Unix client, with CVS_RSH set to SSH, it prompts me for my passphrase. Is there a way to get around this so that it just uses the private key and continues without prompting? Thanks in advance! PCM (Paul Michali) Carrier Voice Gateway Business Unit (CVGBU) Cisco Systems, Inc. 250 Apollo Drive Chelmsford, MA 01824 Phone : (800) 572-6771 x 45817 (978) 244-5817 [direct] Paging: (800) 365-4578 [voice] [EMAIL PROTECTED] [email page] ___ Info-cvs mailing list [EMAIL PROTECTED] http://mail.gnu.org/mailman/listinfo/info-cvs