Accessing CVS via SSH

using a non-default ssh identity file

The CVS server has a mode that accepts connections tunneled via SSH. To achieve this, the server process must be started by ssh in server mode.

On the client side create an ssh identity (public/private) key pair:

cd ~/.ssh
ssh-keygen -t rsa -f id_rsa_cvs_server

This creates the files ~/.ssh/id_rsa_cvs_server and ~/.ssh/

The file ~/.ssh/ contains a long line of text which is the public key. This line must be appended to the file ~/.ssh/authorized_keys on the server side to allow for a client which knows the corresponding private key to login to the server.

As the CVS client should only be able to access the CVS repository and not execute arbitrary commands, the entry in ~/.ssh/authorized_keys should be preceded by the command to execute:

command="/usr/bin/cvs server" ssh-rsa <key data> <user>@<host>

On the client side you need to specify, how to connect to the cvs server. This is preferably added to ~/.bashrc to have it as a permanent setting:

export CVSROOT=:ext:<user>@<>:<cvs_repository_directory>
export CVS_RSH=~/bin/ssh_cvs

The CVS_RSH variable contains the command which the cvs client executes to exchange it's data with the server, i.e. the ssh command.

As the ssh command needs to use a different identity file than the default one to connect to the CVS server, the command in CVS_RSH must be a shell script which calls the ssh command with the appropriate -i option.

The shell script ~/bin/ssh_cvs:

exec ssh -i ~/.ssh/id_rsa_cvs_azug $*
linux logo Powered by Apache
This site maintained by:
My public PGP key
last updated: 2008-03-21 Valid CSS! Valid XHTML 1.0 Strict