Re: Passwordless logins, .shosts for Windows CVS clients with Cygwin

From: Richard E. Silverman (res_at_qoxp.net)
Date: 12/24/03


Date: 24 Dec 2003 00:21:31 -0500


>>>>> "NKG" == Nico Kadel-Garcia <nkadel@comcast.net> writes:

    NKG> At my suggestion, he's been encouraging users to switch to using
    NKG> "CVS_RSH=/usr/bin/ssh" in CygWin windows.

Just a note: you may find performance a problem. This setup requires a
new SSH connection with every CVS command, which can be unacceptably slow
depending on the hardware involved, SSH configuration, frequency of CVS
commands used, etc.

It really shouldn't be this way -- ideally, you'd make one SSH connection
and then just get new channels as needed for various commands.
Unfortunately, the only command-line SSH implementation I know of that
does this in a fashion suitable for normal Unix use is lsh, which is just
not ready for regular use.

An alternative is to use port forwarding together with a restriced CVS
pserver, but this can be a bit awkward.

A more attractive alternative is kerberized CVS, but that requires more
infrastructure.

    NKG> Which is fine, but getting them to use "ssh-agent" to store an
    NKG> SSH key is something they don't like to do: they want to open a
    NKG> CygWin window or command window and just have it Work(tm).

    NKG> So I'm looking at setting up .shosts,

I assume you mean you want to use hostbased authentication.

    NKG> but am having some grief. Does anyone have a working
    NKG> "sshd_config" for OpenSSH 3.7.1p2 that allows .shosts use?

Well, the sshd_config part is easy: "hostbasedauthentication yes". The
trickier parts are getting all of /etc/shosts.equiv, ~/.shosts, the
known_hosts files, host keys, and naming service (DNS, NIS, etc.) all in
sync to allow it to work. Take a look at:

http://www.snailbook.com/faq/trusted-host-howto.auto.html

Also, refer to the relevant parts of the snail book. Post specifics if
things aren't working.

-- 
  Richard Silverman
  res@qoxp.net


Relevant Pages

  • Re: exec problems
    ... > Michael Schlenker wrote: ... This is a typical pipe setup for tcl (rather complex looking due to the ... If you just want to exec a cvs command like cvs update and do not need ...
    (comp.lang.tcl)
  • Re: How to use xargs with a shell redirect
    ... command with redirects in it? ... Every time I do a CVS update, I get merge conflicts on these files. ... like a perfect opportunity for the shell (BASH shell, ...
    (comp.unix.shell)
  • Re: RH9 suddenly wont boot?? Root filesystem damaged?? execvp not found??
    ... Were you using cvs to ... where "The file system is broken" usually involves a yes-or-no ... I'll boot back to RH and try that. ... It'll feel good not to get "bad command ...
    (alt.linux)
  • Re: Other CVS on VMS problems
    ... remote module) that should be pulled. ... The documentation ... What command would you use to hit a remote system? ... cvs: cannot fdopen 3 for write: bad file number ...
    (comp.os.vms)
  • Re: zsh completion for CVS
    ... > The command line completion for CVS in zsh seems to be broken: ... It depends on the filenames. ...
    (Debian-User)