If you access CVS over SSH you will know that you have to do two things to get it working. Firstly, you have to set the CVS_RSH environment variable to the location of your SSH binary. Secondly, you have to use the :ext: scheme for the CVSROOT environment variable (or -d flag). The thing is, there is no place in the :ext: scheme to set a port number! This means that CVS will try to open the SSH connection to the specified server on the standard SSH port.

I don’t like running SSHD on the standard port, I much prefer to stick it on a non-standard port, but does that mean I can’t use CVS over SSH? Well, if you leave things to CVS then yes, but luckily OpenSSH is not as retarded as CVS and provides you with a simple mechanism for overriding the default port on a per-host basis. The key is to add an entry for the host in question to your ~/.ssh/config file. The sample below tells SSH to use port 123 as the default port when connecting to the server my.machine.ie:

Host my.machine.ie
  Port 123

This will work on Unix, Linux and OS X as well as through Cygwin on Windows.


If, like me, you spend a lot of time using SSH you’ll probably like the idea of being able to log in to servers without a password. If you really want this you can do it by setting up an SSH key pair with an unencrypted private key. This works, it lets you log in to your servers without a password. HOWEVER, it’s a simply disastrous idea from a security point of view. The only reason I don’t do this is because the idea of an unencrypted private key scares the bejeesus out of me. Hence, I still dutifully type my SSH password each time I connect to a server, and each time I check something in to source control. I’ve been keeping an eye out for a simple solution for a while but hadn’t been actively thinking about it for months. That is until I came across Dave Dribin’s blog post Putting the “S” Back Into SSH this morning. Dave rightly points out that there is a solution, ssh-agent; the problem is it’s a command-line tool and by all accounts not the simplest one to use. So, what’s obviously needed is a nice GUI for ssh-agent. Dave initially thought he’d found the solution in the program SSHKeychain. SSHKeychain is more of a proxy for ssh-agent than a GUI for it though, and Dave soon discovered that it has its fair share of problems. So, in the end, I didn’t decide to use SSHKeychain. However, the post inspired me to have another go at finding a solution. Also, the reference to ssh-agent sparked a vague memory in the back of my head of an OS X GUI for something to do with SSH that had the word ‘agent’ in its name.


NOTE: tested on OS X 10.7 Lion, works fine!

These instructions are for setting up a Mac to use connect.c to get SSH through a SOCKS proxy. If you are not using OS X this may still be of some use to you because connect.c will compile on Windows and *nix as well. If you’re in the NUIM on-campus accommodation and are having problems SSHing this could be the answer to your problems!

The first step is to get a copy of connect.c and compile it. The website contains instructions for doing this on other platforms but for the Mac use:

gcc connect.c -o connect -lresolv

This will spool out a ream of warnings but don’t worry about that.

Then you have to copy this to a folder in the path and set up the correct permissions:

sudo cp connect /usr/bin
sudo chmod 555 /usr/bin/connect
sudo chown root:wheel /usr/bin/connect

At this stage connect.c is installed; you now need to tell SSH to use this proxy for any servers you want to connect to that are outside the campus.

To do this you need to add lines of this form to ~/.ssh/config:

Host xxx.yyy.com
  ProxyCommand connect -a none -S socks.yyy.com %h %p

The example above is for connecting to xxx.yyy.com; you’ll need a pair of lines like this for each host you want to connect to. You should separate the pairs with a blank line.

That’s it, you can now ssh as normal and ssh will use the SOCKS proxy.

ssh [email protected]
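
How the two kinds of ~/.ssh/config entry on this page resolve, as an added example that is not from the original posts: a simplified Python model of OpenSSH's lookup (first obtained value wins, `*`/`?`/`!` host patterns, %h and %p expansion in ProxyCommand). The function names and the final `Host *` block are constructed for illustration; Match, Include and %% are not modelled.

```python
import fnmatch
import re

# Constructed sample: the two entries shown above plus a catch-all block.
SAMPLE_CONFIG = """\
Host my.machine.ie
  Port 123

Host xxx.yyy.com
  ProxyCommand connect -a none -S socks.yyy.com %h %p

Host *
  Port 22
"""

def host_matches(patterns, host):
    """A Host line applies if a pattern matches and no negated (!) one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            matched = True
    return matched

def resolve(config_text, host):
    """Effective options for host; the first value obtained for a key wins."""
    opts, active = {}, True  # lines before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = re.match(r"(\w+)\s*=?\s*(.*)", line).groups()
        if key.lower() == "host":
            active = host_matches(value.split(), host)
        elif active:
            opts.setdefault(key.lower(), value)
    opts.setdefault("port", "22")       # OpenSSH default when nothing is set
    opts.setdefault("hostname", host)   # %h is the name actually connected to
    return opts

def proxy_command(config_text, host):
    """ProxyCommand with %h and %p expanded, or None for a direct connection."""
    opts = resolve(config_text, host)
    cmd = opts.get("proxycommand")
    if cmd is None:
        return None
    return cmd.replace("%h", opts["hostname"]).replace("%p", opts["port"])
```

Because the first value wins, a catch-all `Host *` block belongs at the end of the file; placed first, its Port would override the per-host one.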
