Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

CVS_ Networking_ and the Secure Shell _SSH_

VIEWS: 4 PAGES: 17

									                  Introduction
           SSH Usage Examples
                 CVS and SSH
             Passwordless SSH
                    Conclusion




CVS, Networking, and the Secure Shell (SSH)

                      Marc Lanctot

                Dept of Computing Science
                  University of Alberta


                   28th March 2007




                 Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                            Introduction
                     SSH Usage Examples
                           CVS and SSH
                       Passwordless SSH
                              Conclusion


What is SSH?

  SSH stands for “secure shell”.
      SSH lets you connect to and run commands on a remote
      machine.
      SSH is secure because the information exchange between
      hosts is encrypted. Also, hosts and users can be authenticated
      using public-key cryptography.
      SSH’s predecessors are telnet, rsh, and rlogin. SSH can
      do everything they can do, but securely.
      SSH allows you to work from home more easily. For example,
      you can use it to test your programs on the school machines
      without being in the lab.


                           Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                            Introduction
                     SSH Usage Examples
                           CVS and SSH
                       Passwordless SSH
                              Conclusion


Terminology
         Host A machine connected to a network.
   Local Host The machine you are working on.
  Remote Host The machine you are connect(ing/ed) to.
  Authentication Proving that you are the person or identity that
               you claim to be. Traditionally, providing a user name
               and password was the main form of authentication.
               Today, we can use public-key cryptography to
               authenticate.
   Encryption A way of scrambling data so that only the two
               entities communicating can successfully unscramble
               the messages. This prevents outsiders or
               hosts/devices used for transit from “sniffing”
               (eavesdropping), ie. discovering potentially private
               information.
                           Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Using SSH to Connect to a Remote Host
  Let’s connect to a remote host using SSH.
  lanctot@ug25:~>ssh ug18
  lanctot@ug18’s password:
  Last login: Sun Mar 25 16:04:58 2007 from ug25.cs.ualberta.ca
  Linux 2.4.34.

            COMPUTING SCIENCE UNDERGRADUATE LABORATORIES

   Please report all hardware and software problems by mailing a message
   to "labadmin". For urgent problems, or outside of working hours, please
   phone 492-9219 and report the problem with as complete and accurate a
   description as you can. This will page the System Administrator on call.

  lanctot@ug18:~>hostname
  ug18
  lanctot@ug18:~>exit
  logout
             ...
  Connection to ug18 closed.
  lanctot@ug25:~>
                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                           Introduction
                    SSH Usage Examples
                          CVS and SSH
                      Passwordless SSH
                             Conclusion


Host Names and Domains
  In the previous example, the remote host was ug18 and the local
  host was ug25. These are the short host names for these hosts.
  Their full names are ug18.cs.ualberta.ca and
  ug25.cs.ualberta.ca.
                      fully−qualified domain name



                     ug18.cs.ualberta.ca

                   host name              domain name

  Note: you can always use just the host name if you’re connecting
  to a remote host on the same domain as the local host.
                          Marc Lanctot     CVS, Networking, and the Secure Shell (SSH)
                            Introduction
                     SSH Usage Examples
                           CVS and SSH
                       Passwordless SSH
                              Conclusion


Running Remote Commands using SSH

  Now let’s see how we can use SSH to run a command on a remote
  host, without even opening an interactive session with it.
  lanctot@ug25:~>ssh ug18 "ls /tmp"
  lanctot@ug18’s password:
  fileDIZjJo
  lost+found
  lanctot@ug25:~>
  lanctot@ug25:~>ls /tmp
  ksocket-ntaylor lost+found ssh-abmgB13265          ssh-fLYri13504         ssh-lmINB14112
  lanctot@ug25:~>


  The output returned from the first command is output from the ls
  /tmp command run on ug18! In fact, this is precisely how CVS is
  used over a network.

                           Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Using SSH to Access a Remote CVS Repository

  Finally, let’s see how we can use SSH and CVS together. It is as
  simple as declaring two environment variables, and then just using
  CVS in the same way as usual.
  lanctot@ug25:~>export CVSROOT="YOURUSERNAME@nojack.cs.ualberta.ca:/cvs/c201"
  lanctot@ug25:~>export CVS_RSH="ssh"


  You must replace YOURUSERNAME with your actual Unix user ID.
  Eg. mine is lanctot. The first commN tellS CVS where the
  repository is: on a server called nojack in a directory /cvs/c201.
  The second command tells CVS what to use to run remote
  commands.


                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Using SSH to Access a Remote CVS Repository
  You all have a module which is the same name as your Unix ID. A
  CVS module is basically a top-level directory in the repository.
  Let’s check it out!
  lanctot@ug25:~>cvs co YOURUSERNAME
  The authenticity of host ’nojack.cs.ualberta.ca (129.128.29.236)’ can’t ...
  RSA key fingerprint is a7:70:a6:4c:94:7b:04:27:2e:fe:3e:e9:22:7f:51:4d.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added ’nojack.cs.ualberta.ca’ (RSA) to the list ...
  YOURUSERNAME@nojack.cs.ualberta.ca’s password:
  cvs checkout: Updating YOURUSERNAME
  lanctot@ug25:~>


  The warning above will always be given when connecting to a host
  for the first time; answering ’yes’ will add the host’s identity to a
  local file (~/.ssh/known hosts) to authenticate that server in the
  future.
                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Adding and Checking in Files
  Here is a reminder on how to add and check in files:
  lanctot@ug25:~>cd lanctot
  lanctot@ug25:~/lanctot>emacs testcvs.c
  lanctot@ug25:~/lanctot>cvs add testcvs.c
  lanctot@nojack.cs.ualberta.ca’s password:
  cvs add: scheduling file ‘testcvs.c’ for addition
  cvs add: use ’cvs commit’ to add this file permanently
  lanctot@ug25:~/lanctot>cvs ci
  cvs commit: Examining .
  lanctot@nojack.cs.ualberta.ca’s password:
  RCS file: /cvs/c201/lanctot/testcvs.c,v
  done
  Checking in testcvs.c;
  /cvs/c201/lanctot/testcvs.c,v <-- testcvs.c
  initial revision: 1.1
  done
  lanctot@ug25:~/lanctot>

  Note that you must authenticate every time you use CVS.
                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Synchronizing Local Files with the Repository

  Suppose you work from more than one place: maybe at the labs
  and at home. You make a change to a file from the lab and check
  it in to the repository. To remotely connect from home, in one
  terminal you must first connect to labs:
  lanctot@desktop:~% ssh lanctot@labs.cs.ualberta.ca
  lanctot@labs.cs.ualberta.ca’s password:
  Last login: Wed Mar 7 08:59:25 2007 from s010600179a4978d0.ed.shawcable.net
  OpenBSD 3.9-current (GENERIC) #0: Thu Jul 20 09:10:53 MDT 2006
                                   .
                                   .
                                   .
  DO NOT FORGET to disconnect this session when you are finished.


  You must leave this connection open when connecting to other
  hosts on the Computing Science Department’s domain.

                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Synchronizing Local Files with the Repository

  Now, from home, you can issue the cvs up (up is short for
  “update”).
  lanctot@desktop:~% export CVSROOT="lanctot@nojack.cs.ualberta.ca:/cvs/c201"
  lanctot@desktop:~% export CVS_RSH="ssh"
  lanctot@desktop:~% cd lanctot/
  lanctot@desktop:lanctot% cvs up
  lanctot@nojack.cs.ualberta.ca’s password:
  cvs update: Updating .
  U testcvs.c
  lanctot@desktop:lanctot%


  CVS will update the local copy of the repository with the changes
  that have been made since the last check out or update. Often,
  CVS will even automatically merge the code for you!

                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Setting up Passwordless SSH, Step 1
  You can setup SSH so that you don’t have to enter your password
  every time you use SSH, including via CVS. The first step is to
  create a public and private key on the local host:
  lanctot@ug25:~>ssh-keygen -t dsa
  Generating public/private dsa key pair.
  Enter file in which to save the key (/home/dsk05/cshome/lanctot/.ssh/id_dsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/dsk05/cshome/lanctot/.ssh/id_dsa.
  Your public key has been saved in /home/dsk05/cshome/lanctot/.ssh/id_dsa.pub.
  The key fingerprint is:
  24:24:16:e9:4a:af:64:1d:8d:54:6e:c2:3a:c2:d0:c3 lanctot@ug25
  lanctot@ug25:~>

  IMPORTANT Notes: (non-empty) passphrases are strongly
  recommended for use in the labs. The private key .ssh/id dsa is
  extremely valuable, as valuable as a password!
                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Setting up Passwordless SSH, Step 2


  Now you must copy the contents of the file ~/.ssh/id dsa.pub
  into the ~/.ssh/authorized keys on the remote host.
  lanctot@ug25:~>cat .ssh/id_dsa.pub | ssh ug18 "cat >> .ssh/authorized_keys"
  lanctot@ug18’s password:
  lanctot@ug25:~>


  Note: you only have to do this step 1 and 2 the first time you
  setup passwordless SSH between these two hosts. Also note: on a
  network where home directories are shared, these steps only have
  to be done once ever for all hosts.



                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                             Introduction
                      SSH Usage Examples
                            CVS and SSH
                        Passwordless SSH
                               Conclusion


Using SSH Without Typing in the Password

  Now, you can invoke the SSH agent and add your key’s
  passphrases to it. Then SSH can be used without a password.
  lanctot@ug25:~>eval $(ssh-agent)
  lanctot@ug25:~>ssh-add
  Enter passphrase for /home/dsk05/cshome/lanctot/.ssh/id_dsa:
  Identity added: /home/dsk05/cshome/lanctot/.ssh/id_dsa (...)
  Identity added: /home/dsk05/cshome/lanctot/.ssh/id_dsa (...)
  lanctot@ug25:~>ssh ug18
  Last login: Sun Mar 25 16:09:30 2007 from ug25.cs.ualberta.ca
                   .
                   .
                   .
  lanctot@ug18:~>




                            Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                            Introduction
                     SSH Usage Examples
                           CVS and SSH
                       Passwordless SSH
                              Conclusion


Using SSH Without Typing in the Password

  When you’re done using the agent(s), kill the process(es).
  Otherwise, the process will remain in memory even after you
  logout.
  lanctot@ug18:~>exit
                .
                .
                .
  lanctot@ug25:~>ps aux | grep ssh-agent
  lanctot 29507 0.0 0.1 2948 1560 ?                  Ss     Mar25       0:00 ssh-agent
  lanctot 10758 0.0 0.1 2948 1560 ?                  Ss     10:01       0:00 ssh-agent
  lanctot 10761 0.0 0.1 2948 1560 ?                  Ss     10:01       0:00 ssh-agent
  lanctot@ug25:~>killall -9 ssh-agent
  lanctot@ug25:~>ps aux | grep ssh-agent
  lanctot 10766 0.0 0.0 1484 484 pts/0               R+     10:02       0:00 grep ssh-agent
  lanctot@ug25:~>



                           Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                            Introduction
                     SSH Usage Examples
                           CVS and SSH
                       Passwordless SSH
                              Conclusion


Summary

    SSH is a secure way to run remote commands or login to a
    remote host
    SSH can be used in conjunction with CVS to:
          Keep the repository module on a central server host
          Allow convenient maintenance and transfer of source code over
          a network
          Make it easy to work on the same code from several different
          places
    SSH can be setup so that you do not need to type in a
    password for every remote command using public-key
    authentication and the ssh-agent.
          Recall: A private key is like your electronic fingerprint; never
          give it to anyone or change permissions of the file.

                           Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)
                          Introduction
                   SSH Usage Examples
                         CVS and SSH
                     Passwordless SSH
                            Conclusion


For More Information

      Read the Command-Line CVS Tutorial at http://ugweb.cs.
      ualberta.ca/~c301/W07/labs/cvs/cmdline.html
      Read the SSH man page: man ssh
      See the web page for OpenSSH: http://www.openssh.com/
      Do a Google search for “Passwordless SSH” or “CVS over
      SSH HOWTO”
  ATTN: Windows Users
     TortoiseCVS is a free CVS client that supports built-in SSH
     PuTTY is a free SSH client
     WinSCP is a free SCP (“secure copy”) client
     Cygwin is a free Unix-like environment that has CVS and SSH
     components
                         Marc Lanctot    CVS, Networking, and the Secure Shell (SSH)

								
To top