Keep [C]*(od|do)ing

May 3rd


Password-less svn+ssh Access on Mac OS X – Updated

Filed under: Tools — Liwen @ 8:57 pm

Related Posts:

1. Install Subversion 1.5.5 on Bluehost Linux 64bit Box
2. Configure svn+ssh on Windows OS

After relentless pounding of my fingers on the keyboard just to feed the same password again and again and again to the Subversion repository in the Mac terminal, I realised that typing a password is not as fun as developing finger habits in my beloved Emacs, although they are both repetitive.

I was reluctant to set up password-less svn+ssh access on my new Mac machine. The reason is that the keys I am using were both generated by PuTTY, one deployed on the Linux server and one for Windows clients. I would rather play Street Fighter 4 online for half an hour than reconfigure SSH access across three different operating systems – if it is not absolutely necessary. They both involve the phrase “pain in the ass”, if you know what I mean :)

The good news is that Mac OS comes with an SSH agent:

ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program.

With the SSH agent, we can add the identity once per login. It means ‘add once, use everywhere’! It is really helpful if you use more than one client to connect to the same repository server.

Step1:
Use the ssh-keygen built into Mac OS to generate a pair of OpenSSH-format keys. Deploy the public key on your server (assuming your server uses OpenSSH) and set up the appropriate permissions (see related post 1 to learn more). If you already have a .ppk key, then converting it from PuTTY format to OpenSSH format is probably the easiest way to go. It can be done either using PuTTYgen on Windows or using a PuTTY Mac port (MacPorts or DarwinPorts).

Step2:
Grant the key file minimum permissions, owner read-only:
chmod u=r,go-rwx yourkey

If you are curious about the SSH agent, read steps 3 and 4; otherwise, just skip to step 5.

Step3:
Find out the values of the ssh-agent environment variables SSH_AUTH_SOCK and SSH_AGENT_PID. For more info about the SSH agent in Mac OS, please read here.

[Image: Mac OS SSH agent]

Step4:
Set the SSH_AUTH_SOCK and SSH_AGENT_PID environment variables in your Subversion client of choice. If you only use command-line clients, this step can be skipped.
Update: It turned out the SSH_AGENT_PID value changes from login to login.

/tmp/ssh-XXXXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits.

In this case, the clients need to talk to the OS to find out the value. Since ssh-agent serves as a lower-level service in the OS, it seems to be impossible to set up those values for clients manually, and I assume it is not necessary.

Step5:
Use the ssh-add command to add the key to the SSH authentication agent.
ssh-add yourkey

Find the following three files in the ~/.ssh/ directory (create them if they do not exist).

 ~/.ssh/identity
    Contains the protocol version 1 RSA authentication identity of the user.
 ~/.ssh/id_dsa
    Contains the protocol version 2 DSA authentication identity of the user.
 ~/.ssh/id_rsa
    Contains the protocol version 2 RSA authentication identity of the user.

Append your private key to the right file (which one depends on the key type) and change its permissions to owner read-only. The ssh-agent will automatically read those files and add the identities to the agent every time an SSH request occurs.

Now it’s really password-less!
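To confirm that steps 2 to 5 took effect, the shell functions below (an added example, not part of the original post) check that the key file is owner read-only, that SSH_AUTH_SOCK points at a socket private to your user, and that the agent actually holds an identity. The function names and the script name are hypothetical; `yourkey` is the post's own placeholder.

```shell
#!/bin/sh
# Added example: audit the result of steps 2-5. Function names are hypothetical.

# Print the nine permission characters of a path, e.g. "r--------".
perm_bits() {
    ls -ldn "$1" 2>/dev/null | cut -c2-10
}

# Step 2: the key must be a regular file with mode u=r and nothing else.
key_perms_ok() {
    [ -f "$1" ] || { echo "FAIL: $1 is not a regular file"; return 1; }
    bits=$(perm_bits "$1")
    case "$bits" in
        r--------) echo "OK: $1 is owner read-only" ;;
        *) echo "FAIL: $1 has mode $bits, expected r--------"; return 1 ;;
    esac
}

# Steps 3-4: SSH_AUTH_SOCK must name a socket owned by us, and the socket or its
# directory must be closed to group/other ("only be readable by the owner").
agent_socket_ok() {
    sock=${SSH_AUTH_SOCK:-}
    [ -n "$sock" ] || { echo "FAIL: SSH_AUTH_SOCK is not set"; return 1; }
    [ -S "$sock" ] || { echo "FAIL: $sock is not a socket"; return 1; }
    owner=$(ls -ldn "$sock" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || { echo "FAIL: $sock belongs to uid $owner"; return 1; }
    case "$(perm_bits "$sock") $(perm_bits "$(dirname "$sock")")" in
        ???------\ *|*\ ???------) echo "OK: agent socket is private to uid $owner" ;;
        *) echo "FAIL: $sock is open to group or others"; return 1 ;;
    esac
}

# Step 5: ssh-add -l exits 0 with identities loaded, 1 with none, 2 if no agent answers.
check_setup() {
    key_perms_ok "$1" || return 1
    agent_socket_ok || return 1
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "OK: agent holds at least one identity" ;;
        1) echo "FAIL: agent is empty; run: ssh-add $1"; return 1 ;;
        *) echo "FAIL: cannot talk to the agent"; return 1 ;;
    esac
}

# Run directly as: sh check_agent.sh --check yourkey   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then check_setup "$2"; fi
```

A key left at mode 644 or 600 is reported as a failure because the post's target is owner read-only.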

[Image: Mac ssh-add command]


All rights reserved, all wrongs observed. @ 2009 Liwen Zhang