Re: Using Key Pairs on OpenSSH on Win2k3

Great discovery! Perhaps I need an SSH client that can handle interactive commands. Seems like this will be the best solution to the problem. Sorry for the tardy reply... been on holiday.

Robert
  _____

From: Jon Spriggs [mailto:jon@spriggs.org.uk]
To: ssh@erdelynet.com
Sent: Fri, 30 May 2008 01:04:45 -0700
Subject: Re: Using Key Pairs on OpenSSH on Win2k3

              Hi there Robert.
  
  I've figured it out (I did some experimenting) and discovered that the reason why it's not working is that the SSHD can't cope with interactive commands, so when you press a key, it doesn't recognise it.
  
  What you'll need to do is to run the command locally as the user and press P to set it to permanent. Now, without having multiple user accounts to try this as, I can't verify the next stage... but, there's a directory in the profile, under Application Data\Subversion\auth\svn.ssl.server\ where there are a series of files. Clear this folder, then you *MIGHT* find that by copying the new file that is created when you make the certificate permanent into other users' profiles, it'll work.
  
  Hope that helps :)
  
  Jon
  
  Robert Denton wrote: The path issue is still a mystery to me as I have modified the path every which way and it still does not work. On the upside, this issue is not critical to what I need to do since all I really need is to be able to do is from a command prompt, "accept" an ssl cert. So what I have done is navigated to the subversion bin dir and issued this:
    
  ./svn.exe co https://...
    
  Which finally does indeed work. The problem I am seeing now is that I get prompted to accept an "untrusted" cert. After pressing 'p' for permanent, the process seems to just stop. Normally it continues on and accesses the page you requested in the first place. The other problem I have with this is that the cert should not be untrusted. It is a Comodo cert that browsers (for example) do not have a problem with.
    
  Robert
            _____

From: Welsh, Armand [mailto:Armand.Welsh@sscims.com]
      To: ssh@erdelynet.com
      Sent: Thu, 29 May 2008 11:18:45 -0700
      Subject: RE: Using Key Pairs on OpenSSH on Win2k3
      
      
command not found is a path issue. I am not familliar with Subversion, we user PVCS in our shop, but if you suspect the patch, use the set command from the shell to see what the current path is set to.. just type in "set" and all the variables will be returned. locate the path, to confirm it is set correctly. As a side note, I don't believe you need to escape the space in program files, try:
       
export PATH="/cygdrive/c/Profile files/Subversion/bin:$PATH"
       
or
      
       
export PATH="$PATH:/cygdrive/c/Profile files/Subversion/bin"
       
       
      
        _____

From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Robert Denton
      Sent: Thursday, May 29, 2008 9:26 AM
      To: ssh@erdelynet.com
      Subject: RE: Using Key Pairs on OpenSSH on Win2k3
      
        Hi there. This continues to baffle. I have edited the profile file as you have recommended, as well as issued the more correct:
      
      PATH="$PATH:/cygdrive/c/Program\ Files/Subversion/Subversion/bin"
      
  but I still get:
      
      admin@development ~
  $ svn
  -bash: svn: command not found
      
  I even added a shortcut to svn.exe in windows/system32. All to no avail. If this is not a path issue what else could it be? If it were a permissions problem I do not think I'd be getting the command not found error.
      
      
  Robert
                _____

 From: Welsh, Armand [mailto:Armand.Welsh@sscims.com]
        To: ssh@erdelynet.com
        Sent: Wed, 28 May 2008 16:42:11 -0700
        Subject: RE: Using Key Pairs on OpenSSH on Win2k3
        
        
okay, so once you SSH into devserver, then you from within devserver you are running the svnclient.
         
Assuming you are using the default configuration of copSSH, then your bash path comes from:
         
/etc/profile
         
you can edit this file to modify the EXPORT command if you wish to change the PATH. My default /etc/profile looks like this:
                 
$ cat /etc/profile
# If you wish to change the path for all users, it is recommended you edit
  # /etc/bash.bashrc
           
syspath=`/bin/cygpath -S`
  winpath=`/bin/cygpath -W`
  export PATH="/bin:$syspath:$winpath"
  umask 027
           
# Set a default prompt of: user@host and current_directory
  PS1='\[\033]0;\w\007
  \033[32m\]\u@\h \[\033[33m\w\033[0m\]
  $ '
                            
Since you're probably running the default install, it should be the same. Just ignore the recomendation of editing /etc/bash.bashrc since the file doesn't exist on a default copSSH install, and editing the export here works just as well for such a simple installation.
         
See if that resolve your path issue. I recommend you change it as follows:
         
$ vi /etc/profile
# If you wish to change the path for all users, it is recommended you edit
  # /etc/bash.bashrc
           
syspath=`/bin/cygpath -S`
  winpath=`/bin/cygpath -W`
  export PATH="/bin:$syspath:$winpath:cygdrive/c/Program\ Files/Subversion/bin"
  umask 027
           
# Set a default prompt of: user@host and current_directory
  PS1='\[\033]0;\w\007
  \033[32m\]\u@\h \[\033[33m\w\033[0m\]
  $ '
Also, I am not a bash pro, but I believe the proper form of the bash command for setting the path is:
PATH="$PATH:/cygdrive/c/Program\ Files/Subversion/Subversion/bin"
         
By specifying the $PATH= you are actually causing the shell to think you want to execute the contents of $PATH, which is why you are receiving a No such file or directory upon the set command (it's a syntax error issue).
         
Regards,
Armand
         
         
          _____

 From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Robert Denton
        Sent: Wednesday, May 28, 2008 4:25 PM
        To: ssh@erdelynet.com
        Subject: RE: Using Key Pairs on OpenSSH on Win2k3
        
          Trying to append to the path seems to not work, also:
        
        admin@development ~
  $ $PATH = $PATH:/cygdrive/c/Program\ Files/Subversion/bin/
  -bash: /bin:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS: No such file or directory
        
  This might be a key element in solving this problem. I say this since if I could actually issue the svn co command from a ssh session, then I should (in theory) be able to select 'p' for permanent, and make this problem go away.
        
  Robert
                    _____

 From: Robert Denton [mailto:robert@headsprout.com]
          To: ssh@erdelynet.com
          Sent: Wed, 28 May 2008 15:56:32 -0700
          Subject: RE: Using Key Pairs on OpenSSH on Win2k3
          
  Okay, let me see if I can explain my set up a little bit. And you might be right about there being no connection between openssh and the ssl used to connect to the https server, but here goes:
          
          user@svnserver ---(ssh)---> admin@devserver ---(https)---> svnserver
          
  Seems weird to do it that way, but in order to maintain a mirror of our code on the dev server we need to issue an 'update' command to the svn client on the dev server where we want the mirror, and this is triggered by a process on the svn server itself. The first part seems to be working with one weird exception:
          
  If I log onto the devserver and launch a command prompt, the command 'svn' is known by virtue of path. Oddly, if I ssh to that server as the same user, the command 'ssh' is not known. Does Cygwin (or OpenSSH) maintain it's own path variable? If so, where is it kept?
          
  Robert
                        _____

 From: Welsh, Armand [mailto:Armand.Welsh@sscims.com]
            To: ssh@erdelynet.com
            Sent: Wed, 28 May 2008 14:33:24 -0700
            Subject: RE: Using Key Pairs on OpenSSH on Win2k3
            
            
I don't think the copSSH and the https based activities are related. Regarding the connection to the other server (via https), how is this connection established? I need more information to understand the issue. Are you connecting (via ssh) to the server, and then on the server using wget or other command line util to get something from a web server? If you are using an SSH tunnel to connect to the https server using the ssh server as a middle point then I would need to know what client libraries on your client computer are used to establish the https session.
             
Armand
            
              _____

 From: ssh@erdelynet.com [mailto:ssh@erdelynet.com] On Behalf Of Robert Denton
            Sent: Wednesday, May 28, 2008 12:49 PM
            To: ssh@erdelynet.com
            Subject: Re: Using Key Pairs on OpenSSH on Win2k3
            
              So I took your advice and installed CopSSH instead and it is working as desired, with one minor snag. First, the application I am using this for is to connect to the copssh server and run some commands. One of the commands involves connection to a different server via https. When I do this I get prompted to accept the certificate. Choosing 'p' for permanent has no effect.
            
  Advice I have gotten from other forums is that I need to download Comodo's Trusted Root Certificate and append it to the end of the ca-bundle.crt that is used by OpenSSH. Unfortunately a search of the system yields no such file. Where does CopSSH place this file? And do you agree that this is the recommended course of action?
            
  Robert
                            _____

 From: Welsh, Armand [mailto:Armand.Welsh@sscims.com]
              To: ssh@erdelynet.com
              Sent: Thu, 22 May 2008 09:17:19 -0700
              Subject: Re: Using Key Pairs on OpenSSH on Win2k3
              
  Robert,
              
  Before I look into potential causes, the first I would like to know is: are you using copSSH, the Cygwin installation with the openSSH package installed, or the "openSSH for Windows" project from source forge?
              
  Why do I ask? Al three are openSSH from the cygwin project the following conditions:
  Cygwin is the thick install proding the option to turn you windows box into a GNU Linux like operating system (via the bash or other shell and some special mappers built into cygwin). The cygwin project installs a basic configuration of openSSH which works well on older windows systems, but requires specific things be done to get the SSH server to work 100% on windows 2003 and Vista.
              
  CopSSH is a pre-packaged minimal installation of Cygwin with a couple minor enhancement patches that installs Cygwin, openSSH, configures you computer (even vista and win2k3) so that openSSH works without any tweaking at all.
              
  "OpenSSH for Windows" is a dead sourceforge project that is almost identical to copSSH, except that development on the project has stopped a long time ago, and this package requires more tweaking of the ssh settings and the server that the other options, and is running very old ssh code that should not be used anymore in my opinion.
              
  If you want the easy solution, install copSSH and everything will work. If you want to get what you have working and you did not install copSSH then we can offer assistance with making all the appropriate changes, but it will take more time to get SSH services up and running with public keys, but you will have the option of using any piece of the cygwin project easily.
              
  Armand
              
                                                    

--
List Info:      http://erdelynet.com/ssh-l/
List Archives:  http://erdelynet.com/archive/ssh-l/
To Unsubscribe: Mail mailto:ssh+unsubscribe@erdelynet.com
If you are having trouble unsubscribing, visit the List Info page for help.