OCIO » CVS & SVN Key Based Auth Setup

CVS & SVN Key Based Auth Setup

Last modified by Matthew Harshbarger on 2016/01/07 09:01

CVS & SVN Key Based Auth Setup

Key Based Authentication, OCIO GForge

This guide explains the process of setting up key based authentication for access to OCIO hosted SVN and CVS repositories.

Tools you will need:

·         Putty

·         PuTTYgen

·         Plink

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. At the time this document was published these tools were available here:
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Step One

Download the tools described above, and put them somewhere you will remember, such as C:\putty\

Step Two

Run PuTTYgen.exe, this tool generates public and private keys. You will save your PUBLIC key to your GForge account, and store your private key somewhere safe on the PC you are connecting from. This private key identifies you instead of using a password, so be sure it is stored somewhere safe and not published or shared with others.

Run PuTTYgen.exe:

1)      Ensure SSH2-RSA is selected as the type of key you are generating.

2)      Ensure 2048 is set for the number of bits in the generated key.

3)      Click “Generate”, and move the mouse randomly in the blank space to seed the generator with random data.

PuTTYKeyGenerator.bmp

 

Step Three

·         
Now that you’ve generated your keys, copy the “public key for pasting” to a new notepad document and save it somewhere you will remember.

PuTTYKeyGenerator2.bmp

Step Four

In this step you will save your private key for future use.

·         Click “Save private key” to save your private key, save this private key somewhere safe and do not share it with others as it acts as your password.

a.        If you want, you can put a password on the private key by entering it “Key passphrase” field.

b.      If you want, save your public key as well by clicking “Save public key”, however you will be using the public key you pasted into notepad for GForge.

Step Five

In this step you will store your public key in GForge by accessing the GForge website and updating your account’s settings.

·         Open the notepad file containing the key you saved in Step Three

·         Logon to the GForge website at https://forge.iowa.gov/gf/

·         Click the “My Stuff” tab at the top after logging in.

·         Click the “My Account” menu item in the left side nav.

·         Click the “Edit SSH Keys” submenu in the left side nav.

·         Scroll down/locate the text area on this page, and paste your key from notepad here.

·         Enter the password you used to logon to the forge website again, and then click “Submit Keys”

·         Confirm you receive the message “Your keys have been successfully saved”.

·         Make a note of your system username, it is shown at the top of the left nav, in the screenshot to the right you can see my username is “justincarlson”.

·         You may now close the forge website.

PuTTYKeyGenerator3.bmp

Step Six

Now that you’ve successfully saved your keys and set your public key in GForge, you’ll need to setup a connection in putty to use these keys.

·         Run putty.exe from the location you moved it to in Step One

·         Enter scm.forge.iowa.gov in the Host Name and Saved Session fields:

PuTTYKeyGenerator4.bmp

·         Do not save yet, in the tree menu to the left, expand SSH and then click AUTH:

PuTTYKeyGenerator5.bmp

Click Browse next to the “Private key file” field and locate your PRIVATE key saved from Step Four above. After you’ve selected your private key, scroll back up in the menu to the left and select “Session”, then click the Save button:


After you’ve clicked Save
, click the Open button on the bottom of the window, and enter the username you noted from Step Four above when prompted. The putty window should close immediately. If you get a message that your key was rejected, wait 30 minutes and try again as it can take some time for GForge to grant access.

PuTTYKeyGenerator6.bmp

Step Seven

Your computer is now setup to use PUB/PRIVATE keys to authenticate for any SVN or CVS client that uses plink. We normally use TortoiseSVN or TortoiseCVS, some other clients may have built in configuration options to use the same private key.

When using a SVN or CVS client that uses plink, plink is able to recognize the putty entry for scm.forge.iowa.gov and grant access using the keys you’ve just step.

Lets check out a project to see if it is working.

Navigate to a project you have access to on the GForge website:
https://forge.iowa.gov/

·         Logon

·         Click “My Stuff”

·         Click the “Projects” tab in the middle of the “My Stuff” screen.

·         Choose a project you’d like to use as an example.

·         In the Left Nav, click “CVS” or “SVN” and then click “Access Info”, this provides the checkout command including your username:

PuTTYKeyGenerator7.bmp
You can select the access string and then paste it in your CVS or SVN client to check out code:

SVN Example:
    svn+ssh://justincarlson@scm.forge.iowa.gov/svnroot/yourprojectnamehere
CVS Example:    :ext:justincarlson@scm.forge.iowa.gov:/cvsroot/yourprojectnamehere

This access string is the “CVSROOT” or “Url of Repository” you’ll use in your CVS or SVN client.

If you’ve followed each step of this guide, you should now be able to checkout and commit code without needing to enter your password several times during the process.

If you need further assistance, please contact the OCIO Service Desk at:
515-281-5703 phone
800-532-1174 toll free
 

Tags:
Created by Matthew Harshbarger on 2016/01/07 08:45

This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 3.0.36132 - Documentation