Keep [C]*(od|do)ing

May 3rd

Password-less svn+ssh Access on Mac OS X – Updated

Filed under: Tools — Liwen @ 8:57 pm

Related Posts:

1. Install Subversion 1.5.5 on Bluehost Linux 64bit Box
2. Configure svn+ssh on Windows OS

After relentless pounding of my fingers on the keyboard just to feed the same password again and again and again to the Subversion repository in the Mac terminal, I realised that typing a password is not as fun as developing finger habits in my beloved Emacs, although they are both repetitive.

I was reluctant to set up password-less svn+ssh access on my new Mac machine. The reason is that the key pair I am using was generated by Putty, with one key deployed on the Linux server and one for Windows clients. I would rather play Street Fighter 4 online for half an hour than reconfigure SSH access across three different operating systems – if it is not absolutely necessary. They both involve the phrase “pain in the ass”, if you know what I mean :)

The good news is that Mac OS comes with an SSH agent:

ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program.

With the ssh agent, we can add the identity once per login. It means ‘add once, use everywhere’! It will be really helpful if you use more than one client to connect to the same repository server.

Step1:
Use the Mac OS built-in ssh-keygen to generate a pair of OpenSSH-format keys. Deploy the public key on your server (assuming your server uses OpenSSH) and set up the appropriate permissions (see related post 1 to learn more). If you already have a .ppk key, then a conversion from Putty format to OpenSSH would probably be the easiest way to go. It can be done either using PuttyGen on Windows or using a Putty Mac port (MacPorts or DarwinPorts).

Step2:
Grant the key file minimum permissions. It needs to be:
chmod u=r,go-rwx yourkey

If you are curious about the ssh agent, read step 3 and step 4; otherwise, just skip to step 5.

Step3:
Find out the ssh-agent environment variable values: SSH_AUTH_SOCK and SSH_AGENT_PID. For more info about ssh agent in Mac OS, please read here.

Mac OS SSH agent

Step4:
Set the SSH_AUTH_SOCK and SSH_AGENT_PID environment variables in your Subversion client of choice. If you only use command line clients, this step can be skipped.
Update: It turned out the SSH_AGENT_PID value changes from login to login.

/tmp/ssh-XXXXXXXXXX/agent.<ppid>
Unix-domain sockets used to contain the connection to the authentication agent. These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits.

In this case, the clients need to talk to the OS to find out the value. Since ssh-agent serves as a lower-level service in the OS, it seems to be impossible to set up those values for clients manually, and I assume it is not necessary.

Step5:
Use the ssh-add command to add the key to the ssh authentication agent.
ssh-add yourkey

Find the following three files in the ~/.ssh/ directory (create them if they do not exist).

 ~/.ssh/identity
    Contains the protocol version 1 RSA authentication identity of the user.
 ~/.ssh/id_dsa
    Contains the protocol version 2 DSA authentication identity of the user.
 ~/.ssh/id_rsa
    Contains the protocol version 2 RSA authentication identity of the user.

Append your private key to the right file (depending on the key type) and change its permission to owner read-only; the ssh-agent will automatically read those files and add the identities to the agent every time an ssh request occurs.

Now it’s really password-less!

Mac ssh-add command

February 15th

Configure svn+ssh on Windows

Filed under: Tools, software — Liwen @ 8:52 pm

As a proud command line junkie, I never went anywhere without my Emacs settings, which made my hands look like old branches from a dead tree in some desert, but that’s fine for me; it’s been a decade since I ceased my hand moulding career.

OK, it’s a lie, but seriously, I am not a big fan of mice and GUIs; they usually slow me down and distract me from concentrating. Besides, some really badly designed HCI, such as Windows Vista UAC, can easily push my buttons in all circumstances. People from Microsoft said

“Disabling UAC risks your computer for allowing some worms to execute commands secretly without a prompt confirmation from end user.”

and I upvoted this as the correct answer:

“Enabling UAC risks me throwing my computer out the window from frustration with a poorly designed and horribly executed security model.”

Forgive me for being loquacious; the point here is I don’t want to use TortoiseSVN – I 100% agree with you that it’s fantastic software, I do! I just need to get svn+ssh to work with my Emacs shell mode.

Let’s get started.

1. Download Putty. If you are like me, always afraid of installing untrusted software from the Internet because you believe that it is mostly a badly written piece of crap that would mess up your already rubbished Windows OS completely, then you can be greatly relieved here, I promise.

2. Start Puttygen.exe and generate a pair of keys, then save the private key WITHOUT a passcode.

3. Copy the public key, yes COPY not SAVE, paste/append it to $HOME/.ssh/authorized_keys, create the file if it doesn’t exist.

4. After modifying the authorized_keys file, remember to:

chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/authorized_keys

This is important as you may get connection errors if the file is group writable.

5. Next, test the connection with putty.exe or plink.exe (side note: TortoiseSVN has a plink.exe Windows implementation which would not pop up messages):
plink.exe -i theprivatekey.ppk username@hostname

6. Modify your Subversion configuration file. In Windows Vista it is in
c:\Users\yourname\AppData\Roaming\Subversion
Add the following line to your [tunnels] section:
ssh=x:/path/plink.exe -i x:/path/privatekey.ppk

Now you should be able to access your svn+ssh repository without typing password, in Microsoft Windows! Vista!
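
The permission steps in both posts (the chmod on the private key in the Mac post, and on .ssh and authorized_keys on the server in this one) can be checked with a small script. This is an added example, not part of the original posts; it assumes the three default key file names the Mac post lists and reads modes from `ls -ld`, and the demo directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): audit the permissions the
# posts set by hand. Key file names are the three the Mac post lists.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_bits() { ls -ld "$1" | cut -c2-10; }

# A private key must grant nothing to group or other.
check_private_key() {
    case "$(perm_bits "$1")" in
        ???------) return 0 ;;
    esac
    echo "TOO OPEN  $1 ($(perm_bits "$1")): chmod u=r,go-rwx '$1'"
    return 1
}

# The .ssh directory and authorized_keys must not be writable by group or other.
check_not_shared_writable() {
    case "$(perm_bits "$1")" in
        ????w????|???????w?)
            echo "WRITABLE  $1 ($(perm_bits "$1")): chmod go-w '$1'"
            return 1 ;;
    esac
    return 0
}

# Audit one .ssh directory; the exit status is the number of findings.
audit_ssh_dir() {
    dir=$1; findings=0
    check_not_shared_writable "$dir" || findings=$((findings + 1))
    if [ -f "$dir/authorized_keys" ]; then
        check_not_shared_writable "$dir/authorized_keys" || findings=$((findings + 1))
    fi
    for name in identity id_dsa id_rsa; do
        [ -f "$dir/$name" ] || continue
        check_private_key "$dir/$name" || findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed demo: a throwaway directory with one deliberately loose key.
demo() {
    d=$(mktemp -d) && chmod 700 "$d"
    touch "$d/id_rsa" "$d/authorized_keys"
    chmod 644 "$d/id_rsa"; chmod 600 "$d/authorized_keys"
    rc=0; audit_ssh_dir "$d" || rc=$?; echo "findings before fix: $rc"
    chmod u=r,go-rwx "$d/id_rsa"
    rc=0; audit_ssh_dir "$d" || rc=$?; echo "findings after fix: $rc"
    rm -rf "$d"
}
demo
```

Run `audit_ssh_dir "$HOME/.ssh"` on the client and on the server account; a non-zero exit status is the number of files that still need a chmod.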

Some extra info for folks who love GUIs: TortoiseSVN users need to generate the OpenSSH private key from the server, then load it with puttygen.exe and get the public key. This is because there are differences between the private key implementations in Putty and OpenSSH; otherwise you will get the lovely “server refused our key” message!

February 14th

Install Subversion 1.5.5 on Bluehost 64bit Box

Filed under: Tools, software — Liwen @ 11:55 pm

The first thing I do before I start typing code at home is to put it under a version control system; the first thing I tried to do when I had reliable SSH-enabled hosting was, of course, to set up a Subversion server on it.

There are already several tutorials on the Internet, so why am I writing this again? Well, I just wanted to prove that I, too, can write a blog! Among all those tutorials, none worked for me; I guess either I was trying to install the newest version of SVN, or the BlueHost hosting environment has changed, or they just hate me. So I am writing this in the hope of contributing something I learned along the frustrating process of setting up SVN on 64-bit shared hosting, so you don’t need to smash your keyboard.

Once you have enabled SSH in the BlueHost control panel with a photo ID, it’s time to set up Subversion.

1. Open a terminal, type in:
ssh username@yourdomain.com
and hit enter, then input your hosting password.

2. It’s better to create a separate folder for all the operations, in case our home directories get messed up by any mistakes.

mkdir src
cd src

3. Download Subversion and dependencies:

wget http://subversion.tigris.org/downloads/subversion-1.5.5.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.5.5.tar.gz
tar -xzvf subversion-1.5.5.tar.gz
tar -xzvf subversion-deps-1.5.5.tar.gz
cd subversion-1.5.5

4. Install apr and apr-util. Notice the LDFLAGS variable: it’s 64 bit, it’s m-A-g-I-c.

cd apr
./configure --enable-shared --prefix=$HOME LDFLAGS="-L/lib64"
make && make install

cd ../apr-util
./configure --enable-shared --prefix=$HOME \
  --with-apr=$HOME --without-berkeley-db LDFLAGS="-L/lib64"
make && make install

5. Install neon. I was stuck here for an hour because of the 64-bit mode problem; remember to explicitly enable compilation of shared libraries and prefix the files into the home directory.

cd ../neon
# The two variables must be part of the configure command line to take effect
EXTRA_CFLAGS="-L/lib64 -fPIC" \
CFLAGS="-L/lib64 -fPIC" \
./configure --prefix=$HOME --enable-shared LDFLAGS="-L/lib64" --with-libs=$HOME
make && make install

6. Install Subversion. Pass --without-apxs and --without-apache to prevent svn from installing Apache modules; you also need to explicitly specify the dependencies.

cd ../
./configure --prefix=$HOME --without-berkeley-db --with-apr=$HOME --with-apr-util=$HOME --with-neon=$HOME \
  --without-apxs --without-apache
make && make install

7. Modify the .bash_profile and .bashrc files.

nano -w .bash_profile
(pico is always my favourite.)
Add $HOME/system/bin to the PATH variable; it should look like this:
PATH=$PATH:$HOME/bin:$HOME/system/bin
Also add this line to your .bashrc file, after the ‘fi’:
PATH=$PATH:$HOME/bin

8. Log out of the current session and log on again, then try:
mkdir ~/repos
cd ~/repos
svnadmin create topsecrets007plus

Now you can access your repository like this:
svn+ssh://username@host/home/username/repos/topsecrets007plus/
Just replace username with your 8-character user name given by BlueHost.

Powered by Wordpress | All rights reserved, all wrongs observed. @ 2009 Liwen Zhang