Using SSH to connect to CVS

  • Revision slug: Using_SSH_to_connect_to_CVS
  • Revision title: Using SSH to connect to CVS
  • Revision id: 170025
  • Created:
  • Creator: Edburns@acm.org
  • Is current revision? No
  • Comment /* Dealing with Firewalls */

Revision Content


Introduction

This document is a guide to setting up access to cvs.mozilla.org using ssh.

This document assumes that you already have a write-access CVS account to cvs.mozilla.org. Anonymous/read-only access via SSH is not available at this time. Please see our source code page for directions accessing read-only CVS, and our getting write access page for directions on obtaining write access.

Generating an SSH key

First, install ssh. Most Linux, BSD, and OSX distributions come with it installed already. Cygwin makes ssh available on Windows if you install the openssh package from the Net category. If all else fails, OpenSSH is a widely used and highly portable implementation. The following command should generate a suitable key pair:

ssh-keygen -t dsa

This will take a moment, followed by a prompt for a passphrase. Once you have entered a passphrase, ssh-keygen will create two files,

~/.ssh/id_dsa

and

~/.ssh/id_dsa.pub

Do not send id_dsa.

Do file a Server Operations bug in Bugzilla and attach your id_dsa.pub to the bug.

Setting up CVS to use SSH

In your system's environment, make sure that CVS_RSH is set to whatever your ssh binary is called; a full path is not necessary if ssh is already in your path.

Replace pserver with ext in your CVSROOT environment variable. If you wish to keep your previous pserver trees, you'll need to update the Root files in each CVS subdirectory in your tree. This can be done using a unix-style find and perl:

find . -name Root -exec perl -p -i -e "s/pserver/ext/" {} \;

Dealing with Firewalls

If you are behind a firewall with an http tunneling proxy, you can use a program called corkscrew, in combination with the ProxyCommand ssh config directive to continue to access the mozilla cvs server. This technique was taken from Eric Engstrom's site, but the instructions have been re-written specifically for mozilla.

  1. Download, build, and install corkscrew by following the instructions in the INSTALL file in the corkscrew source distribution. Corkscrew uses the standard "./configure; make install" technique common to many open source projects.
  2. Make sure you have a ~/.ssh/config file that has at least the following directives
PreferredAuthentications hostbased,publickey,password
Host cvs.mozilla.org
  ProxyCommand corkscrew <i>proxyserver.foo.com</i> <i>port</i> %h %p

Replacing proxyserver.foo.com with the hostname of your proxy server, and port with the numeric TCP port on which the http tunnel is running.

Revision Source

<p>
</p><p><br>
</p>
<h2 name="Introduction"> Introduction </h2>
<p>This document is a guide to setting up access to cvs.mozilla.org using ssh. 
</p>
<blockquote>
This document assumes that you already have a write-access CVS account to cvs.mozilla.org. Anonymous/read-only access via SSH is not available at this time. Please see our <a href="en/Mozilla_Source_Code_(CVS)">source code page</a> for directions accessing read-only CVS, and our <a href="en/Getting_commit_access_to_Mozilla_source_code">getting write access page</a> for directions on obtaining write access. 
</blockquote>
<h2 name="Generating_an_SSH_key"> Generating an SSH key </h2>
<p>First, install ssh. Most Linux, BSD, and OSX distributions come with it installed already. Cygwin makes ssh available on Windows if you install the openssh package from the Net category. If all else fails, <a class="external" href="http://www.openssh.com/">OpenSSH</a> is a widely used and highly portable implementation. The following command should generate a suitable key pair: 
</p>
<pre>ssh-keygen -t dsa
</pre>
<p>This will take a moment, followed by a prompt for a passphrase. Once you have entered a passphrase, ssh-keygen will create two files, 
</p>
<pre>~/.ssh/id_dsa
</pre>
<p>and
</p>
<pre>~/.ssh/id_dsa.pub
</pre>
<p>Do <strong>not</strong> send <i>id_dsa</i>.
</p><p><strong>Do</strong> file a Server Operations bug in <a class="external" href="https://bugzilla.mozilla.org/">Bugzilla</a> and attach your <i>id_dsa.pub</i> to the bug.
</p>
<h2 name="Setting_up_CVS_to_use_SSH"> Setting up CVS to use SSH </h2>
<p>In your system's environment, make sure that <i>CVS_RSH</i> is set to whatever your ssh binary is called; a full path is not necessary if ssh is already in your path. 
</p><p>Replace <code>pserver</code> with <code>ext</code> in your <code>CVSROOT</code> environment variable. If you wish to keep your previous pserver trees, you'll need to update the <code>Root</code> files in each <code>CVS</code> subdirectory in your tree. This can be done using a unix-style <code>find</code> and <code>perl</code>: 
</p>
<pre>find . -name Root -exec perl -p -i -e "s/pserver/ext/" {} \;
</pre>
<h3 name="Dealing_with_Firewalls"> Dealing with Firewalls </h3>
<p>If you are behind a firewall with an http tunneling proxy, you can use a program called <a class="external" href="http://agroman.net/corkscrew/">corkscrew</a>, in combination with the <code>ProxyCommand</code> ssh config directive to continue to access the mozilla cvs server.  This technique was taken from <a class="external" href="http://www.mtu.net/~engstrom/ssh-proxy.php">Eric Engstrom's site</a>, but the instructions have been re-written specifically for mozilla.
</p>
<ol><li> Download, build, and install corkscrew by following the instructions in the <code>INSTALL</code> file in the corkscrew source distribution.  Corkscrew uses the standard "./configure; make install" technique common to many open source projects.
</li><li> Make sure you have a <code>~/.ssh/config</code> file that has at least the following directives
</li></ol>
<pre>PreferredAuthentications hostbased,publickey,password
Host cvs.mozilla.org
  ProxyCommand corkscrew &lt;i&gt;proxyserver.foo.com&lt;/i&gt; &lt;i&gt;port&lt;/i&gt; %h %p
</pre>
<p>Replacing <i>proxyserver.foo.com</i> with the hostname of your proxy server, and <i>port</i> with the numeric TCP port on which the http tunnel is running.
</p>
Revert to this revision