Tunneling with SSH
ContentsWhat this guide discusses. The purpose of this discussion is to provide a guide for users to tunnel to the desired server using SSH (Secure Shell).
What this guide does not discuss. This guide does not explain how to use CVS, only how to set up the tunnel so that you can use CVS. However,a brief description of the command to begin using CVS, once the tunnel has been established, is appended at the end of this document.
SSH is a flexible and more secure replacement for telnet and rlogin. It is widely used in development projects to provide access control and data-transport security. SSH can be used to create an unobtrusive, transparent "port tunnel" to the CVS (concurrent versions system) server. Data sent through the tunnel is encrypted, but the process is invisible to you or to the client software you are using to access the CVS repository.
Because it is easy to use and very secure, we recommend SSH for developers accessing the CVS repository.
Before you can establish an SSH connection, you have to find the right software,i.e., a client that places a terminal on your desktop, if you are using Windows or Mac OS 9 (Mac OS X has SSH built in). Fortunately, there are several excellent clients (both free and not) that offer Windows and Mac OS users desktop terminals. The section below discusses them in detail. Of course, if you are using Linux (or some other Unix variant), then you can skip that section and go right to the section, "Tunneling Using Cygwin," that describes the key elements in establishing an SSH tunnel in a Unix-like environment.
Once you have obtained a client terminal, the process of establishing a tunnel to the server housing the CVS repository is fairly simple. The crucial element is making sure you connect to the right server and that you use the right port numbers in establishing your tunnel. Fortunately, that number has been standardized: 2401.
Platforms
Linux, Unix, Solaris. Linux supports SSH. To connect using SSH, see the "Tunneling Using Cygwin" section below.
Macintosh.In important regards, procedures for tunneling
with a Mac client terminal resemble those for Windows clients. Mac
users can download and install any number of free or for-fee
terminals, the most popular being MacSSH, which is characteristically
easy to use, is free, and offers superior performance for SSH1
connections.
NiftyTelnet 1.1 SSH
Mac OS X, based on FreeBSD and the Mach 3 kernel, has SSH built in and is constantly updated. You can also obtain and use Data Fellows' F-Secure SSH, a for-fee (see below) client create a desktop terminal allowing you to tunnel to the CVS server. F-Secure SSH can be obtained at: http://www.DataFellows.com. For SSH1, you will want F-Secure SSH v.1.02; v.2.1 is for SSH2 connections only--i.e., those requiring encrypted certificates, or keys.
Windows. If you are using Windows (NT or 9x or 2K), then you can use SecureCRT, F-Secure SSH, or Cygwin. Cygwin, from Cygnus Solutions, provides a nearly full Unix environment on your desktop.
In contrast, SecureCRT and F-Secure SSH only provide user-friendly terminals, i.e., they don't pretend to emulate a Unix environment. Both F-Secure SSH and SecureCRT cost money ($100 for SecureCRT, $150 for F-Secure SSH), although a free, 30-day trial version is available for each. Of all, Cygwin has the added value of not just being free and very powerful, but also open source and constantly improved upon.
Both Mac clients offer intuitive interfaces; both also are well-documented. For that reason, this discussion of the Mac clients is very brief. However, for both clients, the important information is the same as for the Windows clients: the hostname and ports must be correctly specified.
Windows
Two free clients for Windows provide SSH tunneling:
As with the Mac clients, the important things to keep in mind are the hostname and the port numbers. For both terminals, the configuration process is straightforward. Because TTSH is an add-on to Tera Term, it means you have to go through that one extra step before SSH functionality is possible. [A fuller description of tunneling with TTSH is being drafted and will be posted when finished. For now, please see TTSH's website.]
PuTTY, on the other hand, does not allow you to easily configure the client to handle port forwarding. As a result, it is not recommended for tunneling.
SecureCRT and F-Secure SSH
Both these clients are fairly easy to use and configure for SSH1 tunneling. The information you will need--doubtless familiar by now--is listed below.
The following illustrates the procedure; we will use SecureCRT (version 3.1.2):
Cygwin
The most important consideration for installing Cygwin is creating the appropriate Unix folders. Cygwin's website offers complete and detailed instructions; the below is an abbreviated version.
@ECHO OFF
SET MAKE_MODE=Unix
SET CYGWIN=notty
SET HOME=C:\unix\HOME\[your home directory name]
SET TERM=VT100
CHDIR C:\Unix\HOME\[your home directory name]
SET PATH=C:\Unix\BIN;C:\Unix\USR\LOCAL\BIN;C:\CYGWIN\BIN;%PATH%
BASH
Terminating the Tunnel
The easiest way to terminate the tunnel is to Ctrl-C (^C) it out of existence. In both the Mac OS and Windows environment, you can also close the client window, thereby shutting the tunnel down.
CVS
Accessing the CVS Repository
Once the SSH tunnel has been successfully established, you can access the CVS repository, either by using, if on Windows, WinCVS, or on Mac OS, Mac CVS, or by entering, at the prompt,
Where [USERNAME] is your user name on the server and [PROJECT] is the project directory.
For more information on using CVS, see the document, "CVS source code version control."