Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Nico Kadel-Garcia
December 22, 2003, 2:33 pm
rate this thread
got a dozenn or so Windows users for. They've been using the built-in
Windows "rsh" client to avoid managing a CVS login system, which means using
.rhosts and running rshd on the CVS server. This makes me *extremely*
twitchy to even think about.
At my suggestion, he's been encouraging users to switch to using
"CVS_RSH=/usr/bin/ssh" in CygWin windows. Which is fine, but getting them to
use "ssh-agent" to store an SSH key is something they don't like to do: they
want to open a CygWin window or command window and just have it Work(tm).
So I'm looking at setting up .shosts, but am having some grief. Does anyone
have a working "sshd_config" for OpenSSH 3.7.1p2 that allows .shosts use?
Also, has anyone gotten .shosts working for Putty/Windows/CVS users, since
there are a few who don't want to use CygWin?
- Richard E. Silverman
December 24, 2003, 5:21 am
Re: Passwordless logins, .shosts for Windows CVS clients with Cygwin
NKG> At my suggestion, he's been encouraging users to switch to using
NKG> "CVS_RSH=/usr/bin/ssh" in CygWin windows.
Just a note: you may find performance a problem. This setup requires a
new SSH connection with every CVS command, which can be unacceptably slow
depending on the hardware involved, SSH configuration, frequency of CVS
commands used, etc.
It really shouldn't be this way -- ideally, you'd make one SSH connection
and then just get new channels as needed for various commands.
Unfortunately, the only command-line SSH implementation I know of that
does this in a fashion suitable for normal Unix use is lsh, which is just
not ready for regular use.
An alternative is to use port forwarding together with a restriced CVS
pserver, but this can be a bit awkward.
A more attractive alternative is kerberized CVS, but that requires more
NKG> Which is fine, but getting them to use "ssh-agent" to store an
NKG> SSH key is something they don't like to do: they want to open a
NKG> CygWin window or command window and just have it Work(tm).
NKG> So I'm looking at setting up .shosts,
I assume you mean you want to use hostbased authentication.
NKG> but am having some grief. Does anyone have a working
NKG> "sshd_config" for OpenSSH 3.7.1p2 that allows .shosts use?
Well, the sshd_config part is easy: "hostbasedauthentication yes". The
trickier parts are getting all of /etc/shosts.equiv, ~/.shosts, the
known_hosts files, host keys, and naming service (DNS, NIS, etc.) all in
sync to allow it to work. Take a look at:
Also, refer to the relevant parts of the snail book. Post specifics if
things aren't working.
- » protocol question - issue with exit-status inside unfinished data stream?
- — Newest thread in » Secure Shell Forum