* VC with CVS over SSH
From: Phillip Lord @ 2002-10-24 14:18 UTC
I am having some problems with using CVS within vc. The problem is
that my ssh connection is password prompting me, and vc-diff doesn't
like it (the password prompt comes up in a read only buffer).
Funnily enough pcl-cvs works fine with this, although the password
prompt that I get looks like it's coming from GNOME, rather than emacs,
which was a bit of a surprise.
Anyone got any ideas?
Phil
* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-24 19:37 UTC
Phillip Lord <p.lord@russet.org.uk> writes:
> I am having some problems with using CVS within vc. The problem is
> that my ssh connection is password prompting me, and vc-diff doesn't
> like it (the password prompt comes up in a read only buffer).
Use ssh-agent along with RSA or DSA passphrase. There are many ways
to do this, here's one.
...From bash command line (after using ssh-keygen to generate either
an RSA or a DSA passphrase)...
    exec ssh-agent $SHELL
    ssh-add
...ssh-add will prompt for the passphrase and save the key for
ssh-agent. Now anything started from that shell will not need a
password (nor passphrase) since the ssh-agent will pass the key
automagically....
    emacs &
Hope this helps.
--
Richard V. Molen
Warning!!
Signature under construction, safety glasses required.
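A preflight check for the setup described in the message above, added here as an example and not part of anyone's post: it confirms that an agent is reachable, that it holds a key, and that the server accepts that key with no prompt before Emacs is started. `CVS_RSH=ssh`, the function names and the user@host argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preflight check so vc/CVS never reaches a password prompt.
# Assumptions: CVS reaches the server through ssh (CVS_RSH=ssh); the function
# names and the user@host argument are placeholders.

# Return 0 only when an agent is reachable and holds at least one key.
agent_ready() {
    local rc=0
    # No socket exported: this shell was not started under ssh-agent.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "no agent: SSH_AUTH_SOCK is unset" >&2; return 2
    fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "no agent: $SSH_AUTH_SOCK is not a socket" >&2; return 2
    fi
    # ssh-add -l exits 0 with keys listed, 1 with none, 2 if the agent is unreachable.
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "agent holds no keys; run ssh-add" >&2; return 1 ;;
        *) echo "cannot contact agent at $SSH_AUTH_SOCK" >&2; return 2 ;;
    esac
}

# Return 0 when the server accepts the agent's key with no interaction.
# BatchMode=yes makes ssh fail instead of prompting, which is the position
# vc-diff is in when the prompt lands in a read-only buffer.
noninteractive_login_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$1" true
}

# Start Emacs only if both checks pass; otherwise say which step failed.
start_emacs_for_cvs() {
    local target="$1"          # e.g. user@cvs.example.org (placeholder)
    agent_ready || return
    noninteractive_login_ok "$target" || {
        echo "key not accepted by $target; vc would be prompted" >&2
        return 3
    }
    CVS_RSH=ssh emacs &
}
```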
* Re: VC with CVS over SSH
From: Phillip Lord @ 2002-10-25 12:52 UTC
>>>>> "Richard" == Richard V Molen <rvmolen@bambecksystems.com> writes:
Richard> Phillip Lord <p.lord@russet.org.uk> writes:
>> I am having some problems with using CVS within vc. The problem
>> is that my ssh connection is password prompting me, and vc-diff
>> doesn't like it (the password prompt comes up in a read only
>> buffer).
Richard> Use ssh-agent along with RSA or DSA passphrase. There are
Richard> many ways to do this, here's one.
Richard> ...From bash command line (after using ssh-keygen to
Richard> generate either an RSA or a DSA passphrase)...
Richard> exec ssh-agent $SHELL
Richard> ssh-add
Richard> ...ssh-add will prompt for the passphrase and save the key
Richard> for ssh-agent. Now anything started from that shell will
Richard> not need a password (nor passphrase) since the ssh-agent
Richard> will pass the key automagically....
Richard> emacs &
Richard> Hope this helps.
Okay, I guess you are right. I normally don't use ssh-agent, because
I found the documentation a little scary, but it probably is time to
learn it properly!
Thanks.
Phil
* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-25 13:57 UTC
Phillip Lord <p.lord@russet.org.uk> writes:
>
> Okay, I guess you are right. I normally don't use ssh-agent, because
> I found the documentation a little scary, but it probably is time to
> learn it properly!
>
> Thanks.
>
> Phil
I did too. It helped me to remember that the client generates the keys
and puts the public key(s) on the (sshd) server. Also that ssh2 DSA is
sufficient if you have it; I think the rest is for historical support.
But I'm getting off topic. Here's some helpful URLs.
www.tac.nyc.ny.us/kim/ssh/ good ssh tutorial
www.openssl.org/support/faq.cgi OpenSSL FAQ
www.oreilly.com/catalog/sshtdg/chapter/ O'Reilly book
www.uk.research.att.com/vnc/sshvnc.html vnc ssh
If you're interested, I can email you a crude bash script you can run
on the client that will setup the first user on both client & server.
--
Richard V. Molen
Warning!!
Signature under construction, safety glasses required.
* Re: VC with CVS over SSH
From: Klaus Berndl @ 2002-10-25 14:15 UTC
On 25 Oct 2002, Richard V. Molen wrote:
> Phillip Lord <p.lord@russet.org.uk> writes:
> >
> > Okay, I guess you are right. I normally don't use ssh-agent, because
> > I found the documentation a little scary, but it probably is time to
> > learn it properly!
> >
> > Thanks.
> >
> > Phil
>
> I did too. It helped me to remember that the client generates the keys
> and puts the public key(s) on the (sshd) server. Also that ssh2 DSA is
> sufficient if you have it; I think the rest is for historical support.
>
> But I'm getting off topic. Here's some helpful URLs.
> www.tac.nyc.ny.us/kim/ssh/ good ssh tutorial
> www.openssl.org/support/faq.cgi OpenSSL FAQ
> www.oreilly.com/catalog/sshtdg/chapter/ O'Reilly book
> www.uk.research.att.com/vnc/sshvnc.html vnc ssh
>
> If you're interested, I can email you a crude bash script you can run
> on the client that will setup the first user on both client & server.
If this is not too much effort for you, I would also be interested in this
script.
Klaus
--
Klaus Berndl mailto: klaus.berndl@sdm.de
sd&m AG http://www.sdm.de
software design & management
Thomas-Dehler-Str. 27, 81737 München, Germany
Tel +49 89 63812-392, Fax -220
* Re: VC with CVS over SSH
From: Phillip Lord @ 2002-10-25 14:28 UTC
>>>>> "Klaus" == Klaus Berndl <Klaus.Berndl@sdm.de> writes:
Klaus> On 25 Oct 2002, Richard V. Molen wrote:
>> Phillip Lord <p.lord@russet.org.uk> writes:
>> > Okay, I guess you are right. I normally don't use ssh-agent,
>> > because I found the documentation a little scary, but it
>> > probably is time to learn it properly!
>> >
>> > Thanks.
>> >
>> > Phil
>> I did too. It helped me to remember that the client generates
>> the keys and puts the public key(s) on the (sshd) server. Also
>> that ssh2 DSA is sufficient if you have it; I think the rest is
>> for historical support.
>>
>> But I'm getting off topic. Here's some helpful URLs.
>> www.tac.nyc.ny.us/kim/ssh/ good ssh tutorial
>> www.openssl.org/support/faq.cgi OpenSSL FAQ
>> www.oreilly.com/catalog/sshtdg/chapter/ O'Reilly book
>> www.uk.research.att.com/vnc/sshvnc.html vnc ssh
>>
>> If you're interested, I can email you a crude bash script you can
>> run on the client that will setup the first user on both client &
>> server.
Klaus> If this is not too much effort for you, I would also be
Klaus> interested in this script.
If it's not sensitive, perhaps you could just post it. I would
certainly be interested.
Cheers
Phil
* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-25 16:55 UTC
Phillip Lord <p.lord@russet.org.uk> writes:
> >>>>> "Klaus" == Klaus Berndl <Klaus.Berndl@sdm.de> writes:
>
> Klaus> On 25 Oct 2002, Richard V. Molen wrote:
>
> >> But I'm getting off topic. Here's some helpful URLs.
> >> www.tac.nyc.ny.us/kim/ssh/ good ssh tutorial
> >> www.openssl.org/support/faq.cgi OpenSSL FAQ
> >> www.oreilly.com/catalog/sshtdg/chapter/ O'Reilly book
> >> www.uk.research.att.com/vnc/sshvnc.html vnc ssh
> >>
> >> If you're interested, I can email you a crude bash script you can
> >> run on the client that will setup the first user on both client &
> >> server.
>
> Klaus> If this is not too much effort for you, I would also be
> Klaus> interested in this script.
>
> If it's not sensitive, perhaps you could just post it. I would
> certainly be interested.
Here it is, along with these disclaimers...
1. Use at your own risk.
2. I am not an expert on ssh nor bash.
3. Read the comments before running, this does delete some files.
4. Read the 'man ssh' page & 'good ssh tutorial' (above) first.
===start of script file===
#! /bin/bash
#Generates private & public keys for SSH access on client & server sides
#for the first time. Run this on client machine w/o arguments.
#
#--- DELETES/REPLACES prior authorized keys & config on BOTH client & server ---
#
#Modify this script if you need to preserve prior work on the
#client or the server. If _you_ don't _already_ connect to this server from
#other clients then use this w/o worry.
#
#This sets ssh to use only protocol version 2 DSA public key authentication.
#RSA key generation should work too, if uncommented.
#
#Makes config file for client that is copied to server for its other clients.
#
#Ran script on a client running Cygwin bash
#with "OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f"
#to a RH 7.3 Linux server running openssh daemon sshd.
#
#Note: For older versions DSA keys used separate files authorized_keys2 etc.
# on server 'man ssh' then /^FILES
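# RUSER and RSERVER (remote user and sshd host) must be set in the environment.
: "${RUSER:?set RUSER to the remote user name}"
: "${RSERVER:?set RSERVER to the sshd host}"
echo "deleting 'authorized_keys' and all key files on client"
echo "deleting 'known_hosts' -- these will be recreated in this script"
# Stop if ~/.ssh is missing; otherwise rm would run in the current directory.
cd ~/.ssh/ || exit 1
rm -f authorized_keys id* known_hosts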
# echo "generate public & private keys -- these will ask for a passphrases"
# echo "Make private key file for RSA1 (protocol 1) using RSA"
# echo "~/.ssh/(identity identity.pub)"
# ssh-keygen
# cat identity.pub >> authorized_keys
#
# echo "Make private key file for SSH2 (protocol 2) using RSA"
# echo "~/.ssh/(id_rsa id_rsa.pub) -- ssh2 protocol 2 only rsa"
# ssh-keygen -t rsa
# cat id_rsa.pub >> authorized_keys
echo "Make private key file for SSH2 (protocol 2) using DSA"
echo "~/.ssh/(id_dsa id_dsa.pub) -- ssh2 protocol 2 only dsa (replaces .rhost...)"
ssh-keygen -t dsa -f id_dsa
cat id_dsa.pub >> authorized_keys
echo "Disable ssh config file until end of script by"
echo "Renaming it from ~/.ssh/config file to config.OLD."
# On a first run there is no config file yet, so only rename one that exists.
[ -f config ] && mv config config.OLD
echo "Copy public keys to server (sshd host)"
echo "If 'The authenticity of host ... can't be established.' ...SAY YES..."
echo "(saying yes puts server key in client's known_hosts file.)"
echo "expect to enter password..."
scp -p authorized_keys "$RUSER@$RSERVER:.ssh/"
echo "Disallow write permission for groups & others for ssh files"
echo "expect to enter passphrase or password..."
ssh -2 -i id_dsa "$RUSER@$RSERVER" chmod go-w . .ssh .ssh/authorized_keys
echo "Generate config file for client."
cat <<EOF >config
# ssh configuration file
#Should double on client and server with NFS-home ability
#Summary: use only ssh2/DSA key auth. rename this file to experiment
# ref: 'man ssh' or 'info ssh' then '/CONFIGURATION FILES'
# each host can have different settings. * means 'the rest'
# Host 999.999.999.999
Host *
# batch mode runs w/o user so no password/phrase requested.
# BatchMode no
# check ip address is in ~/.ssh/known_hosts
CheckHostIP yes
# protocol version 1 session encryption
# Cipher blowfish
# protocol version 2 session encryption
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
Compression yes
CompressionLevel 6
# ConnectionAttempts 1
# EscapeChar ^]
FallBackToRsh no
# ForwardAgent no
ForwardX11 yes
# GatewayPorts no
# protocol 2 -- use rhosts authentication first.
HostbasedAuthentication no
# key crypt algorithms to try in this order.
HostKeyAlgorithms ssh-dss
# HostKeyAlias for tunneling
# HostName -- specifies the real host name to log into.
# protocol 1 RSA1=identity, protocol 2 RSA=id_rsa, DSA=id_dsa
IdentityFile ~/.ssh/id_dsa
KeepAlive yes
# Kerberos...
# LocalForward host:port
LogLevel INFO
# message authentication code algorithms in order of preference (protocol 2)
# MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
# Don't gripe about wrong host on NFS-home system.
NoHostAuthenticationForLocalhost yes
NumberOfPasswordPrompts 2
PasswordAuthentication no
# Port 22
# protocol 2 preferred authentications default: publickey, password, keyboard-interactive
PreferredAuthentications publickey
# Just use protocol 2
Protocol 2
PubkeyAuthentication yes
# RemoteForward host:port
# protocol 1 .rhosts check
# RhostsAuthentication no
# protocol 1 rhostrsa auth
# RhostsRSAAuthentication no
ChallengeResponseAuthentication yes
# UsePrivilegedPort no
User ric
UseRsh no
# XAuthLocation /usr/X11R6/bin/xauth
# StrictHostKeyChecking: yes,no,ask -- check client's known_hosts file for server key
EOF
echo "Clean up known_hosts file so that only DSA server key is therein"
echo "If 'The authenticity of host ... can't be established.' ...SAY YES..."
echo "expect to enter passphrase & see server's present working directory"
rm -f known_hosts
echo "try ssh to see if a passphrase is requested"
echo "expect to enter passphrase & see server's .ssh directory."
ssh "$RUSER@$RSERVER" ls -l .ssh
echo "Amend config file to require DSA key for server in client's known_hosts."
cat <<EOF >>config
# StrictHostKeyChecking: yes,no,ask -- check client's known_hosts file for server key
StrictHostKeyChecking yes
EOF
echo "Copy ssh config file to server (sshd host) for its other clients"
echo "It will replace servers config file"
echo "expect to enter passphrase..."
scp -p config "$RUSER@$RSERVER:.ssh/"
echo "...$0 is done -- ssh should be ready to use..."
echo "...if password support is needed edit ~/.ssh/config or rename it..."
===end of script file===
--
Richard V. Molen
Warning!!
Signature under construction, safety glasses required.
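The script's header says to modify it if prior work on the client or server has to be preserved. One way to do the key-install and permission steps without deleting anything, as an added example that is not part of the posted script; the function names are hypothetical:

```shell
#!/usr/bin/env bash
# Added example (not the script from the post): authorise a key without
# deleting existing entries. Function names are hypothetical.

# add_authorized_key PUBKEY_FILE SSH_DIR
add_authorized_key() {
    local pub="$1" dir="$2" auth key
    auth=$dir/authorized_keys
    # Identify the key by type and base64 blob (fields 1-2) so that a
    # different trailing comment does not produce a duplicate entry.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub") || return 1
    [ -n "$key" ] || { echo "no key found in $pub" >&2; return 1; }
    # sshd's StrictModes check rejects group/other-writable paths.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    if grep -qF -- "$key" "$auth"; then
        return 0                      # already authorised, nothing to do
    fi
    # Do not glue the new entry onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# ssh_dir_problems SSH_DIR
# Prints paths writable by group/others, and private keys (id_* without
# .pub) readable by anyone but the owner. Empty output means clean.
ssh_dir_problems() {
    find "$1" \( -perm -020 -o -perm -002 \) -print
    find "$1" -type f -name 'id_*' ! -name '*.pub' \
        \( -perm -040 -o -perm -004 \) -print
}
```

Run `add_authorized_key` on the machine that holds `authorized_keys`, in place of overwriting that file with `scp`. It does not care about key type; OpenSSH has disabled `ssh-dss` (DSA) keys by default since release 7.0.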