SiKing

April 5, 2009

Setting up CVS|SVN+SSH

Filed under: tech — SiKing @ 12:38 pm

I have to go through this procedure every time I start someplace. Normally only once, and by the time I have to go through it again I usually forget the steps. 😦 The following are my notes on how to do this next time – hopefully nobody at $JOB is reading this. 😈 If you find this useful, then great! If you are doing this on *NIX-*NIX machines, then you probably already know how to do this. The following information is for Windows-*NIX setup; surprisingly, I have not been able to find this anywhere else on the net. 🙄

The Windows client for accessing a repository that I prefer is either TortoiseSVN or TortoiseCVS. The procedure for setting up both is similar; differences are noted below. Some hints are here and here.

You are going to need PuTTY with TortoiseSVN; with TortoiseCVS it is bundled already. Although you do not need the entire package it is quite a useful tool for other things as well, and therefore you might as well grab the “Windows installer for everything except PuTTYtel” from the download page.

PuTTYgen

  1. Generate the access keys using PuTTYgen. The program will be in either C:\Program Files\TortoiseCVS\puttygen.exe, or C:\Program Files\PuTTY\puttygen.exe. Ask your admin what encryption and strength you should use, or just take the defaults. Click “Generate”, move your mouse around, if you need help: RTFM.
  2. Check with your admin if you need to password protect the keys. It’s a good idea to do, I personally do not bother as it is an inconvenience and I am lazy.
  3. Save the private key in a directory of your choice with a filename of your choice. Ideally, it would be in a location that only you have read-access; a suggestion is to place it right in C:\Documents and Settings\<your.login>\, not in My Documents where you often make changes to stuff.
  4. The server that you are going to access is in all likelihood some sort of a UNIX-like system; if you are stuck with a Windows server, then I feel sorry for you and I cannot help you. You need to move the public key over to that machine and append it to your ~/.ssh/authorized_keys file, probably. Your admin can change the default filenames – check with him. Do not ever give out your private key; that is the equivalent of giving out your password! Start up PuTTY, and connect to your server (you will have to login with your password this time). You can copy-paste any text from a Windows window to the PuTTY terminal, so:
    1. On the PuTTY Key Generator page, highlight the entire Public key, and copy it to the clipboard (Ctrl-C).
    2. In the terminal navigate to the right directory. Type echo " now right-click and select Paste, and continue typing " >> authorized_keys; you need the quotes.
  5. Exit everything. You can test the connection at this point using these instructions.
  6. This step is TortoiseCVS specific: Go to the TortoiseCVS Preferences and select the tab Tools. On the line “SSH parameters”, leave what is there and append: -2 -i "C:\Documents and Settings\<your.login>\<private_key_file>.ppk", quotes included. Save everything. Go to the repository browser for TortoiseCVS (you will have to get the URL from your admin; it will start with something like CVS+SSH://) and see if you can browse the repository without being prompted for a password – if in step 2 you did put in a password, then you should be prompted only the first time you connect (after each time you reboot).
  7. This step is TortoiseSVN specific: Start up Pageant, and add your key to it – if you specified a password in step 2, you will be prompted for it now (and every time Pageant starts after a reboot). Go to the repository browser for TortoiseSVN (you will have to get the URL from your admin; it will start with something like SVN+SSH://) and see if you can browse without being prompted for a password – you should never be prompted for the password at this point.

Some additional notes (troubleshooting?):

  • I have had limited luck with “Save public key” and transferring that mess over to the *NIX machine. I think there is some issue with Windows-CRLF versus UNIX-CR character conversion, and the Windows client seems to add more than what is needed. If you need to, you can always Load your private key into the PuTTY Key Generator, and it will show you the public key again.
  • There appears to be some version dependency between the SSH client and the SSHD server, however I do not know what it is. 😦 I have had at least one case, where a newer version of PuTTY created keys that were refused by an old server, but using an older version of PuTTY (exact same encryption and strength of keys) worked on the first try.
  • SSH is quite finicky about file permissions everywhere – which makes sense, as you would want this to be secure. Basically, you need to have at least read permissions to all the keys, and other users must not have any permissions to any of the keys.
  • I used to think that you had to create a separate key-pair per machine that you will be connecting from (the client). Apparently this is not the case, you can use the same one key-pair on every client machine. Just be careful about where you put the private key. Personally I have never tested this.
  • There is a great article OpenSSH key management, part 1 by Daniel Robbins.
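
An added example, not part of the original post: PuTTYgen's “Save public key” button writes the multi-line RFC 4716 format, while authorized_keys wants one line per key, so this Python script (meant to run on the server) converts such a file, adds the key once with UNIX line endings, and sets the permissions described in the notes above. The function names and the sample key are constructed for illustration.

```python
import base64
import struct
import tempfile
from pathlib import Path

def rfc4716_to_openssh(text):
    """Turn a PuTTYgen "Save public key" file (RFC 4716) into one authorized_keys line."""
    lines = [ln.strip() for ln in text.replace("\r", "\n").split("\n") if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("not an RFC 4716 public key file")
    if not lines[-1].startswith("---- END SSH2 PUBLIC KEY"):
        raise ValueError("missing END marker (truncated copy?)")
    comment, body, rest = "", [], iter(lines[1:-1])
    for line in rest:
        while line.endswith("\\"):        # a header value may continue on the next line
            line = line[:-1] + next(rest, "")
        tag, sep, value = line.partition(":")
        if not sep:                        # base64 never contains ':', header lines always do
            body.append(line)
        elif tag.strip().lower() == "comment":
            comment = value.strip().strip('"')
    blob = base64.b64decode("".join(body), validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # the blob starts with a length-prefixed type name
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(filter(None, [key_type, base64.b64encode(blob).decode(), comment]))

def install_key(line, ssh_dir):
    """Add the key once, write LF-only, and leave no access for group or others."""
    path = Path(ssh_dir, "authorized_keys")
    path.parent.mkdir(parents=True, exist_ok=True)
    path.parent.chmod(0o700)
    keys = path.read_text().splitlines() if path.exists() else []
    if line not in keys:
        keys.append(line)
    path.write_bytes(("\n".join(keys) + "\n").encode())
    path.chmod(0o600)
    return path

def sample_putty_file():
    """Constructed stand-in for PuTTYgen output (CRLF endings); the blob is not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(bytes(range(1, 129)))
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "rsa-key-20090405"',
                        *rows, "---- END SSH2 PUBLIC KEY ----", ""])

if __name__ == "__main__":                 # demo in a scratch directory, not the real ~/.ssh
    with tempfile.TemporaryDirectory() as home:
        print(install_key(rfc4716_to_openssh(sample_putty_file()), Path(home, ".ssh")).read_text())
```

OpenSSH can also do the conversion step itself with ssh-keygen -i -f <saved_file>.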