Using ssh for wincvs
I am able to use ssh on my client (XP) to login
(without requiring a passphrase or password) using rsa
authentication. When I try to use the ssh protocol in
wincvs (V2.0.0.1 build 1) I get prompted for a password
and get the following error message on the cvs.exe
console window.
Unable to use key file "E:\\packages\\cygwin\\home\\steve\\.ssh\\id_rsa" (OpenSSH SSH2 private key)
Why can't wincvs use the ssh private key? Obviously I
can't enter my password for every cvs command.
Here's my CVSROOT:
:ssh;username=steve;hostname=fuzzy;port=22;privatekey='E:\packages\cygwin\home\steve\.ssh\id_rsa';version=SSH2:/home/cvsroot
Output from client (XP) using ssh to login to remote
cvs server machine (linux box):
steve@scoter ~/.ssh
$ ssh -v fuzzy
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Connecting to fuzzy [192.168.0.6] port 22.
debug1: Connection established.
debug1: identity file /home/steve/.ssh/identity type -1
debug1: identity file /home/steve/.ssh/id_rsa type 1
debug1: identity file /home/steve/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'fuzzy' is known and matches the RSA host key.
debug1: Found key in /home/steve/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/steve/.ssh/identity
debug1: Offering public key: /home/steve/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 149
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
Last login: Thu Apr 21 10:30:53 2005 from scoter
Logged In: YES
user_id=158827
The version keyword should just be "2", not "SSH2", i.e. try
this:
:ssh;key='E:\packages\cygwin\home\steve\.ssh\id_rsa';ver=2:steve@fuzzy:/home/cvsroot
No guarantee it will work then but that was the one obvious
thing...
If you use the :ssh: protocol this means the CVSNT client
invoked by WinCvs will use its own built-in SSH client,
which is based on the PuTTY code. There have been reports
indicating incompatibilities with private keys created by
non-PuTTY packages, most notably the Cygwin ones. If you
don't get it working with the OpenSSH key, you could either
create another one using PuttyGen or fall back to the old
:ext: protocol and have it use your external SSH client
(requires some minor further configuration).
Logged In: YES
user_id=399419
Good catch on the SSH2. But it was a typo (although I did
try it at one point, and it didn't work). So using "2"
doesn't work either.
What I finally got to work is:
Use puttygen to generate the keys, then doing a copy and
paste of the public key from the puttygen window to the
server's authorized_keys file. You MUST do the copy and
paste, copying the file itself and then appending it to
authorized_keys will NOT work.
Then I have to run putty's pageant.exe to hold the private
key so I don't have to type in the passphrase for every cvs
command.
Could this be submitted as a documentation bug? Nowhere
have I seen this properly documented... It took quite some
time to figure this out, having tried *many* different
approaches from various documents.
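
The copy-and-paste requirement in the comment above has a concrete cause: PuTTYgen's "Save public key" button writes the multi-line RFC 4716 format, while authorized_keys expects the one-line OpenSSH format that the PuTTYgen window displays. As an added example (not part of the original thread or of any project's code), this Python code converts the saved file into an authorized_keys line; the sample key blob and its comment are constructed, not a real key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def rfc4716_to_authorized_keys(text):
    """Convert an RFC 4716 public key file to one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, b64_parts, body = "", [], iter(lines[1:-1])
    for ln in body:
        if ":" in ln:                     # header; ':' is not a base64 character
            while ln.endswith("\\"):      # header value continued on next line
                ln = ln[:-1] + next(body)
            tag, value = ln.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64_parts.append(ln)
    blob = base64.b64decode("".join(b64_parts), validate=True)
    # The key blob begins with a length-prefixed algorithm name, e.g. ssh-rsa.
    (name_len,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + name_len].decode("ascii")
    fields = (key_type, base64.b64encode(blob).decode("ascii"), comment)
    return " ".join(f for f in fields if f)


def constructed_sample():
    """Constructed blob (not a real key) wrapped the way a saved file looks."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00" + bytes(range(128, 256))))
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return blob, f'{BEGIN}\nComment: "rsa-key-20050421"\n{wrapped}\n{END}\n'


if __name__ == "__main__":
    _, saved_file = constructed_sample()
    print(rfc4716_to_authorized_keys(saved_file))
```

OpenSSH's own `ssh-keygen -i -f <file>` performs the same conversion on the server side.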
Logged In: YES
user_id=119527
Configuring SSH setup (or any other setup for that matter)
does not really fall within WinCvs. It's all dependent on CVS/CVSNT
binary and server etc.