mozilla
Your Search Results

    Using SSH to connect to CVS

    Introduction

    This document is a guide to setting up access to cvs.mozilla.org using SSH.

    This document assumes that you already have a write-access CVS account to cvs.mozilla.org. Anonymous/read-only access via SSH is not available at this time. Please see our source code page for directions accessing read-only CVS, and our getting write access page for directions on obtaining write access.

    Generating an SSH key

    First, install ssh. Most Linux, BSD, and OSX distributions come with it installed already. Cygwin makes ssh available on Windows if you install the openssh package from the Net category. If all else fails, OpenSSH is a widely used and highly portable implementation. The following command should generate a suitable key pair:

    ssh-keygen -t dsa
    

    This will take a moment, followed by a prompt for a passphrase. Once you have entered a passphrase, ssh-keygen will create two files,

    ~/.ssh/id_dsa
    

    and

    ~/.ssh/id_dsa.pub
    

    Do not send id_dsa.

    Do file a Server Operations bug in Bugzilla and attach your id_dsa.pub to the bug.

    Setting up CVS to use SSH

    In your system's environment, make sure that CVS_RSH is set to whatever your ssh binary is called; a full path is not necessary if ssh is already in your path.

    Replace pserver with ext in your CVSROOT environment variable. If you wish to keep your previous pserver trees, you'll need to update the Root files in each CVS subdirectory in your tree. This can be done using a unix-style find and perl:

    find . -name Root -exec perl -p -i -e "s/pserver/ext/" {} \;
    

    Dealing with firewalls

    Do not attempt to perform the steps in this section unless you have first verified that you can access cvs.mozilla.org from outside of the firewall. Only proceed with these steps once you are certain you can access cvs.mozilla.org from the open Internet.

    If you are behind a firewall with an http tunneling proxy, you can use a program called corkscrew, in combination with the ProxyCommand ssh config directive to continue to access the mozilla CVS server. This technique was taken from Eric Engstrom's site, but the instructions have been re-written specifically for Mozilla.

    1. Download, build, and install corkscrew by following the instructions in the INSTALL file in the corkscrew source distribution. Corkscrew uses the standard "./configure; make install" technique common to many open source projects.
    2. Make sure you have a ~/.ssh/config file that has at least the following directives
    PreferredAuthentications hostbased,publickey,password
    Host cvs.mozilla.org
      ProxyCommand corkscrew <i>proxyserver.foo.com</i> <i>port</i> %h %p
    

    Replace proxyserver.foo.com with the hostname of your proxy server, and port with the numeric TCP port on which the http tunnel is running.

    The usual cvs commands should now work.

    Avoiding passphrase requests

    You can avoid repeated passphrase requests by using ssh-agent. If you don't already run ssh-agent on your computer, it's probably easiest to start it up whenever you set up your environment to checkout and build Mozilla. Assuming you use a shell script or batch file to set things up, just add the commands below to the end of your file.

    POSIX shell

    eval `ssh-agent -s`
    ssh-add ~/.ssh/id_dsa
    $SHELL
    ssh-agent -k
    exit
    

    X Windows

    In "~/.xinitrc" add "ssh-add". This will bring up a graphic box just after login, and before the desktop loads, asking for your passphrase. The passphrase will be held for the length of the x session, and be passed on to all child shells.

    MS-DOS command prompt

    Cygwin
    for /f "tokens=1,2,3* delims=; " %%a in ('ssh-agent -c') do if "%%a"=="setenv" set %%b=%%c
    set HOME=/cygdrive/c/path/to/your/cygwin/home/directory
    ssh-add ~/.ssh/id_dsa
    start /b /wait cmd.exe
    ssh-agent -k
    exit
    

    Essentially both sets of commands do the same thing. First ssh-agent is called and its output is evaluated in the current environment. This sets environment variables that let cvs know how to find and use the agent. Your private key is then added to ssh-agent using ssh-add at which point you will be prompted for the key's passphrase. Since it's important that you kill the agent when you're finished with it, the last three lines start a child environment that, when exited, will result in the agent's process being killed. The environment you will actually use to build is the child environment.

    There are a few things to note about the commands for the MS-DOS Command Prompt. First of all they will only work in versions of Windows based on NT (NT/2000/XP). If you're building on Win9x/WinME you'll need to find an alternative solution. If you're typing the commands directly (as opposed to storing them in a batch file that you call), you'll need to replace the occurances of "%%" in the first line with "%". Finally, note that ssh-add needs the environment variable HOME to be set with the cygwin path to your cygwin home directory.

    MozillaBuild

    If you're using MozillaBuild, ssh-agent should be started when you run the start-msvc???.bat file. You should be prompted to enter your passphrase.

    MozillaBuild 1.2 contains a bug that will stop ssh-agent from automatically starting with MSYS. To fix this, apply this diff to c:\mozilla-build\msys\etc\profile.d\profile-sshagent.sh.

    Document Tags and Contributors

    Contributors to this page: teoli, Nickolay, Bhearsum, Mgjbot, Edburns@acm.org, Brycenesbitt
    Last updated by: Brycenesbitt,
    Hide Sidebar