Connecting and configuring CVS with SSH

Eclipse includes an SSH client for accessing a remote CVS server. The client supports both the SSH1 and SSH2 protocol versions. To use SSH2 with a CVS repository select the extssh connection type.

Different methods can be used to authenticate, depending on the level of functionality and security you want. User authentication methods used by the client by default are, in the following order: public-key, Keyboard-Interactive, and password authentication.

Authentication with Public Keys (keypair)

Public-key authentication allows you to connect to a remote CVS server without sending your password over the wire. This is a more secure authentication method than password authentication. Public-key authentication uses two keys, a private key that only you have--it should be kept in a secure place and protected with a password. And the public key, which is placed on the server you wish to gain access to.

Eclipse supports generating both keys and you can copy the public key to the server from within Eclipse. In order to use public key authentication follow these steps:

If you already have a private/public key for the CVS server, simply open the General > Network Connections > SSH2 preference page and on the General tab add your private key to the list by selecting the Add Private Key button. Your key will be used when authenticating.
If you don't have a keypair yet, in the preferences page, go to the Key Management page.
Select either a Generate RSA key (if your server supports version 1 of the protocol) or Generate DSA key (for version 2).
A public key and private key will be generated. The public key will be shown in the read-only text area.
The next step is to copy the public key to your server. If your server is running an OpenSSH server than you can use the Export via sftp action. Otherwise you will have to copy and paste the public key into your remote ~/.ssh/authorized_keys file.
Now you have to provide a password for your private key, and save it on your computer.

So now that you have your keypairs generated and installed, the next time you create a CVS location to the server you shouldn't enter a password. When the connection is initialized, you will be prompted for the passphrase for your private key. This is the most secure method of authentication, as long as your private key is protected with a passphrase.

Note: exporting the public key is only supported on OpenSSH enabled SSH servers.

Authentication with Passwords

If your server is configured to support password authentication, then you can simply enter your password when you create a CVS repository location and that password will be used when authenticating with the server. This is the simplest authentication method, but isn't as secure as public keys.

Note: It is not recommended that you save your login passwords using Eclipse. The file that contains the file is not sufficiently protected against intruders and as such you can comprise the security of your system. If your company requires strict security practices then your should use keypair authentication.

Pserver over SSH2

The pserverssh2 connection method allows you to use pserver connections to a CVS repository over ssh2 port-forwarding without any external ssh2 programs. The SSH2 connection information is encoded in the Host field of the repository location: The format is:

ssh_user@ssh_host#port_number@cvs_host

where the port_number is only required if the SSH2 host's port is not 22.

Using Proxies

Both the extssh and pserver connection methods support the use the proxies specified on the General > Network Connections preference page. If a SOCKS proxy is specified, it will be used. Otherwise, the specified SSL proxy will be used. If neither of these proxy types are specified or if the host being contacted is in the host exclusion list, the connection will be made directly to the target host.