Re: Passwordless logins, .shosts for Windows CVS clients with Cygwin

From: Richard E. Silverman (res_at_qoxp.net)
Date: 12/24/03


Date: 24 Dec 2003 00:21:31 -0500


>>>>> "NKG" == Nico Kadel-Garcia <nkadel@comcast.net> writes:

    NKG> At my suggestion, he's been encouraging users to switch to using
    NKG> "CVS_RSH=/usr/bin/ssh" in CygWin windows.

Just a note: you may find performance a problem. This setup requires a
new SSH connection with every CVS command, which can be unacceptably slow
depending on the hardware involved, SSH configuration, frequency of CVS
commands used, etc.

It really shouldn't be this way -- ideally, you'd make one SSH connection
and then just get new channels as needed for various commands.
Unfortunately, the only command-line SSH implementation I know of that
does this in a fashion suitable for normal Unix use is lsh, which is just
not ready for regular use.

An alternative is to use port forwarding together with a restriced CVS
pserver, but this can be a bit awkward.

A more attractive alternative is kerberized CVS, but that requires more
infrastructure.

    NKG> Which is fine, but getting them to use "ssh-agent" to store an
    NKG> SSH key is something they don't like to do: they want to open a
    NKG> CygWin window or command window and just have it Work(tm).

    NKG> So I'm looking at setting up .shosts,

I assume you mean you want to use hostbased authentication.

    NKG> but am having some grief. Does anyone have a working
    NKG> "sshd_config" for OpenSSH 3.7.1p2 that allows .shosts use?

Well, the sshd_config part is easy: "hostbasedauthentication yes". The
trickier parts are getting all of /etc/shosts.equiv, ~/.shosts, the
known_hosts files, host keys, and naming service (DNS, NIS, etc.) all in
sync to allow it to work. Take a look at:

http://www.snailbook.com/faq/trusted-host-howto.auto.html

Also, refer to the relevant parts of the snail book. Post specifics if
things aren't working.

-- 
  Richard Silverman
  res@qoxp.net


Relevant Pages

  • Re: exec problems
    ... > Michael Schlenker wrote: ... This is a typical pipe setup for tcl (rather complex looking due to the ... If you just want to exec a cvs command like cvs update and do not need ...
    (comp.lang.tcl)
  • Re: CVS client for ARM7 machines
    ... the command line tool, if you'd be interested. ... but the other day I used it to get some stuff from the RISC OS ... Open Ltd CVS repository quite easily. ... The "co" is short for checkout and you can write it in full ...
    (comp.sys.acorn.programmer)
  • Re: How to use xargs with a shell redirect
    ... command with redirects in it? ... Every time I do a CVS update, I get merge conflicts on these files. ... like a perfect opportunity for the shell (BASH shell, ...
    (comp.unix.shell)
  • Re: RH9 suddenly wont boot?? Root filesystem damaged?? execvp not found??
    ... Were you using cvs to ... where "The file system is broken" usually involves a yes-or-no ... I'll boot back to RH and try that. ... It'll feel good not to get "bad command ...
    (alt.linux)
  • Re: cvs over ssh with non standard port
    ... > I am trying to get cvs to access the repository through a ssh connection ... > when the sshd is listening on a non standard port. ... > but cvs insisted on trying port 22. ...
    (Debian-User)