Using Ssh-Agent To Connect To CVS

USING SSH-AGENT TO CONNECT TO CVS

The agent is run in the user's local PC, laptop, or terminal. It authenticates your pass phrases when running SSH or CVS. Normally when running CVS remotely you are prompted for a pass phrase every time you enter a CVS command. Before you can use the agent, you need to be able to login to an account at the remote site via SSH.

1. Use an encrypted passphrase to login to a remote Linux box from a local Linux box.

If you already have the remote .ssh directory set up and working, skip to part 2.

If there is no .ssh directory at the remote site, create one.

local> ssh ssh.cs.brown.edu          # Login to remote Brown Linux.
YOU@ssh.cs.brown.edu's password:
Last login: Thu Aug  5 16:13:52 2004 from local.cs.brown.edu

[remote]$ mkdir .ssh                  # Create the key directory.
[remote]$ cd .ssh                     # Go into it.

Open another local Linux terminal window and copy your local keys to your remote .ssh directory.

local> scp ${HOME}/.ssh/id_dsa YOU@ssh.cs.brown.edu:.ssh/
YOU@ssh.cs.brown.edu's password:
id_dsa                                     100%  736     0.7KB/s   00:00
local> scp ${HOME}/.ssh/id_dsa.pub YOU@ssh.cs.brown.edu:.ssh/
YOU@ssh.cs.brown.edu's password:
id_dsa.pub                                 100%  598     0.6KB/s   00:00

Back in the remote Linux window create the .ssh/authorized_keys file with:

[remote]$ cp id_dsa.pub authorized_keys

2. Use ssh-agent to automatically login to a remote Linux box from a local Linux box.

Utility scripts have been written to simplify starting and stopping the ssh-agent. They should be accessible via the PATH variable. You can either run them from the command line or from your login and logout scripts. The following instructions show how to run them via login scripts. You can do things a little differently if you prefer.

Verify you can login to the remote account with an encrypted passphrase.

local> ssh ssh.cs.brown.edu
Enter passphrase for key '/u/YOU/.ssh/id_dsa': 
Last login: Thu Aug 26 10:11:37 2004 from local.cs.brown.edu

[remote]$

If you are prompted for a password and not a passphrase your remote .ssh/ directory is not set up properly. Make sure the public key is in the .ssh/authorized_keys file on the remote Linux box. If the file .ssh/authorized_keys already exists you may need to append .ssh/id_dsa.pub to add you public key.

[remote]$  cat ${HOME}/.ssh/id_dsa.pub >> ${HOME}/.ssh/authorized_keys

Set up ssh-agent from csh or tcsh.

The following example assumes you placed the utility scripts in ${HOME}/bin/. If they are elsewhere then change the edits to reflect the actual location. Edit your login and logout scripts and add the following lines:

<<< .cshrc >>>
alias  agent  source  ${HOME}/bin/agent.csh
<<< .cshrc >>>

<<< .logout >>>
source  ${HOME}/bin/kill.agent.csh
<<<  end .logout >>>

Set up ssh-agent from sh or bash.

Edit your login and logout scripts and add the following lines:

<<< .cshrc >>>
source  agent.sh
<<< .cshrc >>>

<<< .logout >>>
kill.agent
<<<  end .logout >>>

Login using the ssh-agent.

Start the agent and enter your passphrase. You only need to do this once per session.

local> agent
ssh agent started [20755]
Enter passphrase for /u/YOU/.ssh/id_dsa:
Identity added: /u/YOU/.ssh/id_dsa (/u/YOU/.ssh/id_dsa)

Now when you login to the remote computer or run a CVS command you won't be prompted for your password.

local> ssh ssh.cs.brown.edu
Last login: Thu Aug 26 12:54:20 2004 from local.cs.brown.edu

[remote]$

When you logout the agent process will be killed if it is running. Sometimes it takes several seconds to do this.

local> exit
logout
killing ssh agent [20755]
All identities removed.
Connection to local closed.

If anyone wants to know how to use ssh-agent on Windows, let me (Brad) know and I'll post instructions.