* VC with CVS over SSH
From: Phillip Lord @ 2002-10-24 14:18 UTC

I am having some problems with using CVS within vc. The problem is
that my ssh connection is password prompting me, and vc-diff doesn't
like it (the password prompt comes up in a read only buffer).

Funnily enough pcl-cvs works fine with this, although the password
prompt that I get looks like it's coming from GNOME, rather than emacs,
which was a bit of a surprise.

Anyone got any ideas?

Phil

* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-24 19:37 UTC

Phillip Lord <p.lord@russet.org.uk> writes:

> I am having some problems with using CVS within vc. The problem is
> that my ssh connection is password prompting me, and vc-diff doesn't
> like it (the password prompt comes up in a read only buffer).

Use ssh-agent along with RSA or DSA passphrase. There are many ways to
do this, here's one.

...From bash command line (after using ssh-keygen to generate either
an RSA or a DSA passphrase)...

    exec ssh-agent $SHELL
    ssh-add

...ssh-add will prompt for the passphrase and save the key for
ssh-agent. Now anything started from that shell will not need a
password (nor passphrase) since the ssh-agent will pass the key
automagically....

    emacs &

Hope this helps.

-- 
Richard V. Molen
Warning!! Signature under construction, safety glasses required.

* Re: VC with CVS over SSH
From: Phillip Lord @ 2002-10-25 12:52 UTC

>>>>> "Richard" == Richard V Molen <rvmolen@bambecksystems.com> writes:

  Richard> Phillip Lord <p.lord@russet.org.uk> writes:
  >> I am having some problems with using CVS within vc. The problem
  >> is that my ssh connection is password prompting me, and vc-diff
  >> doesn't like it (the password prompt comes up in a read only
  >> buffer).

  Richard> Use ssh-agent along with RSA or DSA passphrase. There are
  Richard> many ways to do this, here's one.

  Richard> ...From bash command line (after using ssh-keygen to
  Richard> generate either an RSA or a DSA passphrase)...

  Richard> exec ssh-agent $SHELL
  Richard> ssh-add

  Richard> ...ssh-add will prompt for the passphrase and save the key
  Richard> for ssh-agent. Now anything started from that shell will
  Richard> not need a password (nor passphrase) since the ssh-agent
  Richard> will pass the key automagically....

  Richard> emacs &

  Richard> Hope this helps.

Okay, I guess you are right. I normally don't use ssh-agent, because
I found the documentation a little scary, but it probably is time to
learn it properly!

Thanks.

Phil

* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-25 13:57 UTC

Phillip Lord <p.lord@russet.org.uk> writes:

>
> Okay, I guess you are right. I normally don't use ssh-agent, because
> I found the documentation a little scary, but it probably is time to
> learn it properly!
>
> Thanks.
>
> Phil

I did too. It helped me to remember that the client generates the keys
and puts the public key(s) on the (sshd) server. Also that ssh2 DSA is
sufficient if you have it; I think the rest is for historical support.

But I'm getting off topic. Here's some helpful URLs.

www.tac.nyc.ny.us/kim/ssh/               good ssh tutorial
www.openssl.org/support/faq.cgi          OpenSSL FAQ
www.oreilly.com/catalog/sshtdg/chapter/  O'Reilly book
www.uk.research.att.com/vnc/sshvnc.html  vnc ssh

If you're interested, I can email you a crude bash script you can run
on the client that will setup the first user on both client & server.

-- 
Richard V. Molen
Warning!! Signature under construction, safety glasses required.

* Re: VC with CVS over SSH
From: Klaus Berndl @ 2002-10-25 14:15 UTC

On 25 Oct 2002, Richard V. Molen wrote:

> Phillip Lord <p.lord@russet.org.uk> writes:
> >
> > Okay, I guess you are right. I normally don't use ssh-agent, because
> > I found the documentation a little scary, but it probably is time to
> > learn it properly!
> >
> > Thanks.
> >
> > Phil
>
> I did too. It helped me to remember that the client generates the keys
> and puts the public key(s) on the (sshd) server. Also that ssh2 DSA is
> sufficient if you have it; I think the rest is for historical support.
>
> But I'm getting off topic. Here's some helpful URLs.
> www.tac.nyc.ny.us/kim/ssh/               good ssh tutorial
> www.openssl.org/support/faq.cgi          OpenSSL FAQ
> www.oreilly.com/catalog/sshtdg/chapter/  O'Reilly book
> www.uk.research.att.com/vnc/sshvnc.html  vnc ssh
>
> If you're interested, I can email you a crude bash script you can run
> on the client that will setup the first user on both client & server.

If this is not too much effort for you, I would be also interested in
this script.

Klaus

-- 
Klaus Berndl                    mailto: klaus.berndl@sdm.de
sd&m AG                         http://www.sdm.de
software design & management
Thomas-Dehler-Str. 27, 81737 München, Germany
Tel +49 89 63812-392, Fax -220

* Re: VC with CVS over SSH
From: Phillip Lord @ 2002-10-25 14:28 UTC

>>>>> "Klaus" == Klaus Berndl <Klaus.Berndl@sdm.de> writes:

  Klaus> On 25 Oct 2002, Richard V. Molen wrote:

  >> Phillip Lord <p.lord@russet.org.uk> writes:
  >> > Okay, I guess you are right. I normally don't use ssh-agent,
  >> > because I found the documentation a little scary, but it
  >> > probably is time to learn it properly!
  >> >
  >> > Thanks.
  >> >
  >> > Phil

  >> I did too. It helped me to remember that the client generates
  >> the keys and puts the public key(s) on the (sshd) server. Also
  >> that ssh2 DSA is sufficient if you have it; I think the rest is
  >> for historical support.
  >>
  >> But I'm getting off topic. Here's some helpful URLs.
  >> www.tac.nyc.ny.us/kim/ssh/               good ssh tutorial
  >> www.openssl.org/support/faq.cgi          OpenSSL FAQ
  >> www.oreilly.com/catalog/sshtdg/chapter/  O'Reilly book
  >> www.uk.research.att.com/vnc/sshvnc.html  vnc ssh
  >>
  >> If you're interested, I can email you a crude bash script you can
  >> run on the client that will setup the first user on both client &
  >> server.

  Klaus> If this is not too much effort for you, I would be also
  Klaus> interested in this script.

If it's not sensitive, perhaps you could just post it. I would
certainly be interested.

Cheers

Phil

* Re: VC with CVS over SSH
From: Richard V. Molen @ 2002-10-25 16:55 UTC

Phillip Lord <p.lord@russet.org.uk> writes:

> >>>>> "Klaus" == Klaus Berndl <Klaus.Berndl@sdm.de> writes:
>
>   Klaus> On 25 Oct 2002, Richard V. Molen wrote:
>
>   >> But I'm getting off topic. Here's some helpful URLs.
>   >> www.tac.nyc.ny.us/kim/ssh/               good ssh tutorial
>   >> www.openssl.org/support/faq.cgi          OpenSSL FAQ
>   >> www.oreilly.com/catalog/sshtdg/chapter/  O'Reilly book
>   >> www.uk.research.att.com/vnc/sshvnc.html  vnc ssh
>   >>
>   >> If you're interested, I can email you a crude bash script you can
>   >> run on the client that will setup the first user on both client &
>   >> server.
>
>   Klaus> If this is not too much effort for you, I would be also
>   Klaus> interested in this script.
>
> If it's not sensitive, perhaps you could just post it. I would
> certainly be interested.

Here it is, along with these disclaimers...

1. Use at your own risk.
2. I am not an expert on ssh nor bash.
3. Read the comments before running, this does delete some files.
4. Read the 'man ssh' page & 'good ssh tutorial' (above) first.

===start of script file===
#!/bin/bash
#Generates private & public keys for SSH access on client & server sides
#for the first time. Run this on client machine w/o arguments.
#
#--- DELETES/REPLACES prior authorized keys & config on BOTH client & server ---
#
#Modify this script if you need to preserve prior work on the
#client or the server. If _you_ don't _already_ connect to this server from
#other clients then use this w/o worry.
#
#This sets ssh to use only protocol version 2 DSA public key authentication.
#RSA key generation should work too, if uncommented.
#
#Makes config file for client that is copied to server for its other clients.
#
#Ran script on a client running Cygwin bash
#with "OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f"
#to a RH 7.3 Linux server running openssh daemon sshd.
#
#Note: For older versions DSA keys used separate files authorized_keys2 etc.
#      on server 'man ssh' then /^FILES

#RUSER (remote user) and RSERVER (sshd host) are read from the environment;
#stop here, before anything is deleted, if either one is missing.
: "${RUSER:?set RUSER to the remote user name}"
: "${RSERVER:?set RSERVER to the sshd host}"

echo "deleting 'authorized_keys' and all key files on client"
echo "deleting 'known_hosts' -- these will be recreated in this script"
#Do not delete anything if ~/.ssh cannot be entered.
cd ~/.ssh/ || exit 1
rm -f authorized_keys id* known_hosts

# echo "generate public & private keys -- these will ask for a passphrase"
# echo "Make private key file for RSA1 (protocol 1) using RSA"
# echo "~/.ssh/(identity identity.pub)"
# ssh-keygen
# cat identity.pub >> authorized_keys
#
# echo "Make private key file for SSH2 (protocol 2) using RSA"
# echo "~/.ssh/(id_rsa id_rsa.pub) -- ssh2 protocol 2 only rsa"
# ssh-keygen -t rsa
# cat id_rsa.pub >> authorized_keys

echo "Make private key file for SSH2 (protocol 2) using DSA"
echo "~/.ssh/(id_dsa id_dsa.pub) -- ssh2 protocol 2 only dsa (replaces .rhost...)"
ssh-keygen -t dsa -f id_dsa
cat id_dsa.pub >> authorized_keys

echo "Disable ssh config file until end of script by"
echo "Renaming it from ~/.ssh/config file to config.OLD."
mv config config.OLD

echo "Copy public keys to server (sshd host)"
echo "If 'The authenticity of host ... can't be established.' ...SAY YES..."
echo "(saying yes puts server key in client's known_hosts file.)"
echo "expect to enter password..."
scp -p authorized_keys "$RUSER@$RSERVER:.ssh/"

echo "Disallow write permission for groups & others for ssh files"
echo "expect to enter passphrase or password..."
ssh -2 -i id_dsa "$RUSER@$RSERVER" chmod go-w . .ssh .ssh/authorized_keys

echo "Generate config file for client."
cat <<EOF >config
# ssh configuration file
#Should double on client and server with NFS-home ability
#Summary: use only ssh2/DSA key auth. rename this file to experiment
# ref: 'man ssh' or 'info ssh' then '/CONFIGURATION FILES'
# each host can have different settings. * means 'the rest'
# Host 999.999.999.999
Host *
# batch mode runs w/o user so no password/phrase requested.
# BatchMode no
# check ip address is in ~/.ssh/known_hosts
CheckHostIP yes
# protocol version 1 session encryption
# Cipher blowfish
# protocol version 2 session encryption
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
Compression yes
CompressionLevel 6
# ConnectionAttempts 1
# EscapeChar ^]
FallBackToRsh no
# ForwardAgent no
ForwardX11 yes
# GatewayPorts no
# protocol 2 -- use rhosts authentication first.
HostbasedAuthentication no
# key crypt algorithms to try in this order.
HostKeyAlgorithms ssh-dss
# HostKeyAlias for tunneling
# HostName -- specifies the real host name to log into.
# protocol 1 RSA1=identity, protocol 2 RSA=id_rsa, DSA=id_dsa
IdentityFile ~/.ssh/id_dsa
KeepAlive yes
# Kerberos...
# LocalForward host:port
LogLevel INFO
# message authentication code algorithms in order of preference (protocol 2)
# MACs hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
# Don't gripe about wrong host on NFS-home system.
NoHostAuthenticationForLocalhost yes
NumberOfPasswordPrompts 2
PasswordAuthentication no
# Port 22
# protocol 2 preferred authentications default: publickey, password, keyboard-interactive
PreferredAuthentications publickey
# Just use protocol 2
Protocol 2
PubkeyAuthentication yes
# RemoteForward host:port
# protocol 1 .rhosts check
# RhostsAuthentication no
# protocol 1 rhostrsa auth
# RhostsRSAAuthentication no
ChallengeResponseAuthentication yes
# UsePrivilegedPort no
User ric
UseRsh no
# XAuthLocation /usr/X11R6/bin/xauth
# StrictHostKeyChecking: yes,no,ask -- check client's known_hosts file for server key
EOF

echo "Clean up known_hosts file so that only DSA server key is therein"
echo "If 'The authenticity of host ... can't be established.' ...SAY YES..."
echo "expect to enter passphrase & see server's present working directory"
rm known_hosts

echo "try ssh to see if a passphrase is requested"
echo "expect to enter passphrase & see server's .ssh directory."
ssh "$RUSER@$RSERVER" ls -l .ssh

echo "Amend config file to require DSA key for server in client's known_hosts."
cat <<EOF >>config
# StrictHostKeyChecking: yes,no,ask -- check client's known_hosts file for server key
StrictHostKeyChecking yes
EOF

echo "Copy ssh config file to server (sshd host) for its other clients"
echo "It will replace servers config file"
echo "expect to enter passphrase..."
scp -p config "$RUSER@$RSERVER:.ssh/"

echo "...$0 is done -- ssh should be ready to use..."
echo "...if password support is needed edit ~/.ssh/config or rename it..."
===end of script file===

-- 
Richard V. Molen
Warning!! Signature under construction, safety glasses required.

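The script above replaces `authorized_keys` on the server and says to modify it if earlier work must be preserved. As an added example (not part of Richard's post), here is one way to do that step additively: a shell function, run in the account that owns the `.ssh` directory, that appends a public key only when it is not already listed. The name `install_pubkey`, the demo paths and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). install_pubkey is a hypothetical helper.
# Usage: install_pubkey PUBKEY_FILE SSH_DIR
# Status: 0 key is authorised afterwards, 1 I/O error, 2 malformed key file.
# The body is a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1 dir=$2 auth=$2/authorized_keys
    umask 077

    # A .pub file is one line: "type base64-data [comment]".
    read -r ktype kdata comment < "$pub" || [ -n "$ktype" ] || exit 1
    case $ktype in ssh-*|ecdsa-*|sk-*) ;; *) exit 2 ;; esac
    case $kdata in ''|*[!A-Za-z0-9+/=]*) exit 2 ;; esac

    # Stricter than the script's "chmod go-w": directory and file are kept
    # private to the account.
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match type and key material as whole fields, so a key that is only a
    # prefix of another does not count; the scan also covers entries that
    # begin with options such as command="...".
    if awk -v t="$ktype" -v d="$kdata" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == d) hit = 1 }
        END { exit !hit }' "$auth"
    then exit 0; fi

    # Repair a missing final newline so the new key gets its own line.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth" || exit 1
    printf '%s\n' "$ktype $kdata${comment:+ $comment}" >> "$auth"
)

# Constructed demonstration; the key strings are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    # An existing entry, deliberately written without a trailing newline.
    printf '%s' 'ssh-rsa AAAAConstructedOldKey= other@laptop' > "$d/.ssh/authorized_keys"
    echo 'ssh-ed25519 AAAAConstructedNewKey= user@client' > "$d/new.pub"
    install_pubkey "$d/new.pub" "$d/.ssh" || return 1
    install_pubkey "$d/new.pub" "$d/.ssh" || return 1   # second run adds nothing
    wc -l < "$d/.ssh/authorized_keys"                   # both keys, one line each
    rm -rf "$d"
}
demo
```

OpenSSH also ships `ssh-copy-id`, which performs the same kind of append over an ssh connection.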