ssh fine w/pubkey only, nonstandard port and passphrase for local keypair but cvs isn't

Mark D. Baushke

2010-02-16 08:05:02 UTC

Post by Mike Klein
I have no problems using ssh or scp with an sshd configured for pubkey
only and my local keypair requiring a passphrase before authn. I have my
sshd running on a nonstandard port (to cut down on scans).
Yet I can't seem to configure CVSROOT to allow cvs from cmdline (cygwin)
or my IDE (NetBeans) to allow a commit.
I always get the message that pubkey failed.
I am unsure even after googling whether CVSROOT permits non-standard
ports or local passphrase for pubkey authn....is all of this possible?

Typically you would need to have the Port entry for your CVSROOT host.

For example, the host anoncvs.usa.openbsd.org uses port 2022 for its sshd.

In your $HOME/.ssh/config file:

%<----------%<----------%<----------%<----------%<----------%<----------
Host anoncvs.usa.openbsd.org
ForwardX11 no
ForwardAgent no
Port 2022
%<----------%<----------%<----------%<----------%<----------%<----------

Your CVSROOT might contain this:

:extssh:***@anoncvs.usa.openbsd.org:/cvs
or (depending on the release of CVS you are using)
:ext:***@anoncvs.usa.openbsd.org:/cvs

and you might checkout the modules file using the command:

cvs co -p CVSROOT/modules

The other method to deal with this is using CVS_RSH

CVS_RSH=$HOME/my-ssh-script; export CVS_RSH
CVSROOT=:ext:***@cvs.somehost.domain.com:/cvs/path; export CVSROOT

Then using a $HOME/my-ssh-script something like this:

#!/bin/sh
exec ssh -p 2022 -x -a ${1+"$@"}

which lets you hardcode the port number option.

-- Mark