SSH with WinCvs.
Content
- SSH with WinCvs 1.0.x and 1.1.x step by step
- Notes about OpenSSH/Cygwin with WinCvs 1.1
- Notes about OpenSSH/Cygwin with cvs.exe in a Dos command
- Using OpenSSH/Cygwin with WinCvs, the TCP forwarding method
- Accessing the repository across a firewall using OpenSSH/Cygwin
- Accessing the repository across a firewall using teraterm/TTSSH
- Download WinCVS-SSH-Guide (contributed by Patrick Reagan)
- WinCVS SSH v2 setup guide (contributed by Ian Spray)
1) SSH with WinCvs 1.0.x and 1.1.x step by step
(contributed by Frank Murphy)
The following steps set up WinCVS 1.0.6 to use ssh (differences for 1.1 beta are given in parentheses)
and assume no UN*X knowledge. You will, however, need to know the name of the CVS server machine
(called "cvs-server-host" here) and have an account ("username" here) on it.
You'll also need to know the name of the module you'll be working with.
-
Find SSH using Google.
Get the newest win32 version of SSH 1. Do not get a version that begins with a "2"! If you don't have the
cygwin DLLs or don't know what they are, the file you should get is
ssh-1_2_14-win32bin.zip.
If you do use cygwin, get whatever version you want, but this text assumes version 1.2.14 and has not been
tested with any other version.
-
Install the ssh client.
To do this, extract the client archive to whatever location you want, e.g. C:\PROGRA~1\SSH.
-
Make a few environment changes.
SSH needs two environment variables to work properly: HOME and PATH.
The first one (HOME) will set an environment variable for ssh to find your encrypted identity key.
The second one (PATH) needs to be updated to include ssh. For Windows 95/98, modify your AUTOEXEC.BAT
file to include the following two lines:
SET HOME=C:\PROGRA~1\SSH
SET PATH=%PATH%;C:\PROGRA~1\SSH
Restart your computer for this to take effect.
For Windows NT, open Start->Control Panel->System->Environment
Add a variable HOME with the value C:\PROGRA~1\SSH.
(If you want you can choose another directory, such as a home-directory for your private files.)
Next, find the PATH variable. Add to it your SSH installation
directory, e.g. C:\PROGRA~1\SSH (directories are separated by ';' ).
-
Test the SSH installation.
Start an MS-DOS shell, and try to connect using ssh ("username" must be a valid UN*X shell account
on the "cvs-server-host"):
ssh -l username cvs-server-host
You should be prompted for the username's password for cvs-server-host.
If not, your setup is wrong. Go back. Fix it.
-
Setup CVS for password-less usage.
If you want to enter a password every time you do any CVS action, skip this step. Trust me, you
don't want to skip it. Make a directory called ".ssh" (DOTssh that is) in the directory you specified
as HOME. (If you don't have an MS-DOS prompt (Win M.E.), you'll have to figure out how to make a
directory called ".ssh" -- then tell me) Enter an MS-DOS prompt and type the following:
mkdir C:\PROGRA~1\SSH\.SSH
cd C:\PROGRA~1\SSH
ssh-keygen -C <comment> -f ./.ssh/identity
<comment> is an identifier placed in the public key (use your email address). Just press enter when it asks
you for a passphrase. You don't want a passphrase. Now you need to set up the server to accept your keys.
Run the secure copy command to send the identity.pub key to the server:
scp ./.ssh/identity.pub username@cvs-server-host:identity.pub
Then login to the server using the ssh command:
ssh -l username cvs-server-host
Now type the following commands into the SSH session (it's OK if the first command complains that .ssh already exists):
mkdir .ssh
cat identity.pub >> .ssh/authorized_keys
chmod go-rwx .ssh/authorized_keys
rm identity.pub
logout
Go back and try the previous step again; now it should log you in with no password.
If it asks for a password, try adding '-v' before the '-l' and read the logs it prints.
NOTE: Without the -C option the program will fail and you won't get a new key pair.
-
Configure WinCVS to use SSH.
Start WinCVS, and open the preferences dialog. Under the "general"
tab, set your CVSROOT to: username@cvs-server-host:/path/to/cvsroot. Set authentication to:
SSH server. (WinCvs 1.1.x: set the Home directory under the "WinCvs" tab to point to C:\ssh.)
-
Test WinCVS setup.
Use the menu CvsAdmin->Checkout module... and choose a directory on your
hard drive to store the data file. (I call mine CVSROOT.) After selecting the directory WinCVS will ask you
which module you want to check out. You need to know that yourself. After pressing OK, the output text window
of WinCVS should fill with log messages indicating a successful checkout.
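If the key login from the password-less step still asks for a password, file modes on the server are a common cause: with StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the home directory, .ssh or the key file is group- or world-writable. The check below is an added example, not part of the original guide; its function names are made up for illustration and it assumes a POSIX shell with GNU or BSD stat on the server.

```sh
#!/bin/sh
# Added example (not from the original guide): audit the server-side files
# created in the password-less step. Function names are illustrative.

# Print a path's permission bits in octal; try GNU stat, then BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Audit <home>, <home>/.ssh and <home>/.ssh/authorized_keys.
# Returns 0 when none is group- or world-writable, 1 otherwise.
audit_ssh_home() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        m=$(mode_of "$p")
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "WRITABLE $p (mode $m): key will be ignored"
            rc=1
        else
            echo "OK       $p (mode $m)"
        fi
    done
    # The guide's "chmod go-rwx" is stricter than sshd requires; report drift.
    k="$home/.ssh/authorized_keys"
    if [ -e "$k" ] && [ $(( 0$(mode_of "$k") & 077 )) -ne 0 ]; then
        echo "NOTE     $k is accessible by group/other; rerun chmod go-rwx"
    fi
    return $rc
}

# Run against a directory given on the command line, e.g. sh audit.sh "$HOME"
if [ $# -gt 0 ]; then
    audit_ssh_home "$1"
fi
```

Because the key generated above has no passphrase, these file modes and the protection of the private identity file on the client are the only things guarding the account.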
2) Notes about OpenSSH/Cygwin with WinCvs 1.1
(also read archives on the cvsgui mailing list)
You need to install Cygwin for Windows.
Latest Cygwin has OpenSSH bundled with it.
In the Preferences tab of WinCvs, set the authentication to "ssh" and use ssh-keygen
(from the Cygwin shell) to generate an identity key. Then, in the WinCvs preferences tab,
set the RSA identity to point to your RSA identity key (let's say C:\cygwin\home\alexp\.ssh\identity).
Enter no passphrase when creating the key (this way cvs won't prompt for one).
You're ready to use ssh. Don't login, just try out a cvs command. If it doesn't work,
try to login manually using ssh (see above).
3) Notes about OpenSSH/Cygwin with cvs.exe in a dos command
(also read archives on the cvsgui mailing list)
You need to install Cygwin for Windows. Latest Cygwin
has OpenSSH bundled with it.
I set up ssh to connect without a password to my cvs server "cvs.3d.com" (it uses my private key,
and the public key is on the server in ~/.ssh/authorized_keys). The machine from which I connect
is named "mymachine". The server has sshd running on it.
mymachine > ssh cvs.3d.com
Last login: Tue Aug 15 18:57:40 2000 from
cvs.3d.com > exit
Connection to cvs.3d.com closed
Now I can try :
mymachine > set CVS_RSH=ssh
mymachine > set CYGWIN=binmode
mymachine > set CVSROOT=:ext:alexp@cvs.3d.com:/cvsroot
mymachine > cvs co -c
This command issues internally : ssh -l alexp cvs.3d.com cvs server
As usual, if something goes wrong, add the -v option to the previous command.
4) Using OpenSSH/Cygwin with WinCvs, the TCP forwarding method
(please read the previous note before reading this)
You can use the TCP forwarding capability of ssh. In order to use the TCP forwarding, issue something like :
mymachine > ssh -L 2401:cvs.3d.com:2401 cvs.3d.com
Now I can set up my CVSROOT to use pserver with alexp@localhost:/cvsroot.
WinCvs connects to mymachine, but ssh immediately routes the connection through
the secure tunnel to the real destination: cvs.3d.com port 2401 (pserver).
5) Accessing the repository across a firewall using OpenSSH/Cygwin
(please read the previous note before reading this)
The idea is to have ssh forward the pserver port on the client to the firewall,
and then from the firewall to the server.
You need (on the firewall) to issue :
myfirewall > ssh -L 2401:cvs.myserver.com:2401 cvs.myserver.com
Then you do the same on the client :
mymachine > ssh -L 2401:myfirewall.3d.com:2401 myfirewall.3d.com
Now you set-up WinCvs as described previously.
6) Accessing the repository across a firewall using teraterm/TTSSH
(Contributed by Luke Gilliam)
-
General Explanation
To access the CVS server from outside a firewall, you will use SSH to create a
secure connection from your client machine to the SSHD on the firewall. Using port
forwarding, SSH will grab any WinCVS traffic and send it over the secure connection.
SSHD on the firewall will decrypt the traffic and forward it to the appropriate server.
This document assumes you already have WinCVS configured, and that you have an
account on a firewall running SSHD. If you already have RedHat, Mandrake, or some
other RPM-compatible OS on your firewall, SSHD can be found and easily installed from
http://www.rpmfind.net.
-
Configuration Instructions
Download :
Install TeraTerm with the defaults, then unzip ttssh into the same directory that
TeraTerm was installed into. You'll get several executables, including ttermpro and ttssh.
ttssh is the one we want. Add the icon to a toolbar or the desktop probably, because
you'll need it a lot.
-
Config info:
Start ttssh, and hit cancel for the first dialog box. Click Setup then TCP/IP.
Remove all of the entries, then add the IP for your firewall, uncheck Telnet and
Auto Window Close, and check History.
Next, Click Setup then SSH Forwarding. Click Add. "Forward Local Port" radio
button should already be selected. For CVS, put 2401 into "Forward Local Port",
the IP name of your CVS server into "to remote machine", and 2401 into "port".
Finally, Click Setup then Save Setup.
Now click File then New Connection. You should see the firewall IP. Choose SSH
for the service, then click Okay. Assuming a valid account on the firewall, supply
your uid and password, and you'll get an SSH session. This needs to stay running
as long as WinCVS is open. If this is your first time to connect to the firewall
with SSH, a dialog box will pop up asking if you want to add an entry for this server.
Do this. Dismiss any messages about non-existent files. Do a "netstat -a" from a
command prompt and look for "listening" on port 2401 to verify you are connected.
Next, start WinCVS. You need to make one change to an existing config: Click Admin
then Preferences. Change CVSROOT to say localhost instead of your CVS server name. Example:
jsmith@localhost:/home/cvs
Should work like magic from there. This same setup is useful for other services such as ftp,
vnc, and netbios using different ports.
NOTE: I haven't tested this with a private network behind a firewall. Also, SSHD on
your firewall may be configured to timeout after an interval, and WinCVS will not necessarily
give you a helpful error when the connection dies.
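The "netstat -a" check in the configuration steps confirms that something is listening on port 2401; the address it is bound to matters as well, because a forward listening on 0.0.0.0 can be used by any host that can reach your machine, while one on 127.0.0.1 serves only local programs such as WinCVS. The classifier below is an added example, not part of the original guide; the function name and the sample netstat lines are constructed, and it assumes a POSIX shell with awk (for instance the Cygwin shell used in sections 2 to 5).

```sh
#!/bin/sh
# Added example (not from the original guide). Reads `netstat -an` text on
# stdin and classifies the listener for one TCP port:
#   loopback - bound to 127.x.x.x or ::1 only (local programs only)
#   exposed  - bound to another address such as 0.0.0.0 (reachable remotely)
#   none     - nothing listening on that port
forward_listener() {
    awk -v port="$1" '
        toupper($0) ~ /LISTEN/ {
            # The local address is the first field ending in :<digits>
            # (field 2 in Windows netstat, field 4 in Linux/Cygwin netstat).
            for (i = 1; i <= NF; i++) {
                if ($i !~ /:[0-9]+$/) continue
                n = split($i, part, ":")
                if (part[n] == port) {
                    addr = substr($i, 1, length($i) - length(part[n]) - 1)
                    if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") { loopback = 1 }
                    else { exposed = 1 }
                }
                break
            }
        }
        END { print (exposed ? "exposed" : (loopback ? "loopback" : "none")) }
    '
}

# Constructed sample output in Windows netstat format (not captured data).
SAMPLE_TUNNEL='  TCP    127.0.0.1:2401     0.0.0.0:0          LISTENING
  TCP    192.0.2.10:1047    192.0.2.1:22       ESTABLISHED'
SAMPLE_OPEN='  TCP    0.0.0.0:2401       0.0.0.0:0          LISTENING'

printf '%s\n' "$SAMPLE_TUNNEL" | forward_listener 2401   # loopback
printf '%s\n' "$SAMPLE_OPEN"   | forward_listener 2401   # exposed
printf '%s\n' "$SAMPLE_TUNNEL" | forward_listener 22     # none
```

On a live system, pipe the real output in with `netstat -an | forward_listener 2401` while the SSH session is open.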