Automated SSH with passwords

A few months ago, I talked about setting up automated Subversion access using SSH. This is especially important if you are using an automated build server. (Couldn’t resist the shameless plug 🙂 )

One requirement of that discussion was that you needed to be using key-based authentication for your SSH access. So what if you’re not using keys? This is exactly the situation that has arisen this week with adding a new project to CCNetLive . We want to build a new project, from a new Subversion server, using SSH and password-based authentication, without messing up the SSH configuration for the existing projects on the machine (so no project-specific machine-global settings are allowed.) So how to do this?

I went through various attempts at doing this before realising how easy Subversion makes it!

First of all, make sure your new SSH connection is working correctly. In Windows, this means using Putty to connect using your SSH user name and password, and saving the server’s key. This is a vital step otherwise your connection will hang later as in the background it will be asking you to confirm the identity of the server.

Next, find your user’s Subversion config file. On Windows, this is normally in something like C:\Windows\Documents And Settings\Your UserName\Application Data\Subversion\. Find the [tunnels] section, and add a line something like:

myprojectssh = c:\tools\putty\plink.exe -l YourSSHUser -pw YourSSHPassword

The myprojectssh is the name of your Subversion scheme and you can use this scheme instead of the normal ssh scheme, so you would use a command something like svn checkout svn+myprojectssh://mysvnhost.com/my/project/root . Notice you don’t need to re-specify your user name. Obviously, you should change myprojectssh, YourSSHUser and YourSSHPassword for your setup, as well as the location of plink. The double back-slashes are important – check the note that should be in your Subversion config file for more details.

This Subversion scheme works because the whole -l abc -pw xyz part gets passed through to Plink, and plink understands what -l and -pw mean. If your command line SSH client uses different parameters for users and passwords you should substitute them as necessary.

There’s a couple of things to note with all this. Firstly, your SSH credentials are being stored unencrypted in a text file on your machine, so you should make sure your Subversion config file is secured somehow. It may be enough to make sure its only visible by the individual user, but you might also want to consider using an encrypted disk. Secondly, this solution should only be used where you can’t use SSH keys for some reason. Key-based SSH authentication is a far better option, security wise, than password-based authentication.

Advertisement

PDC, DDD and MVP

So 3 acronymns and 3 Microsoft developer community oriented updates.

Firstly, I’m off to Microsoft PDC next month. As with most conferences I expect the interesting stuff to happen in the corridors between sessions and there’s certainly a lot of great people going to be there to chat to. However, I’m also looking forward to hearing the latest gossip from MS about Vista and VS 2005. At the moment I’m somewhat cynical about what’s actually going to be left in Vista that won’t be available under Windows XP eventually (Avalon, Indigo, IE7, etc.) but I’m going with an open a mind as I can.

Of course, I’m definitely looking forward to meeting the MSBuild guys to see what their plans are.

Next up, I’m getting more involved with the London .NET community. I helped out at last month’s meeting by being on a panel answering questions about Agile Development, and I’m also going to be at DeveloperDeveloperDeveloper Day on the 22nd October. I’ve submitted a few sessions, but will wait to see if anyone’s interested in hearing me before I say I’m actually presenting. 🙂

And finally, I got made a Solutions Architect MVP! I’m not sure who nominated me but many thanks to whoever it was! I don’t hang-out much in the usual forums that a lot of MVPs frequent but I certainly hope to carry on blogging about the agile .NET world and helping out with the London .NET group.

CruiseControl.NET 1.0 RC1 Released

We’ve decided to break with our traditions on the CruiseControl.NET project and try to actually release a version 1.0! We’re not quite there yet, but have just released our first release candidate for 1.0 .

I’ll do a more detailed blog entry once 1.0 goes final (which we hope will be in the next few weeks), but until then please go and read the Release Notes.

If you do try out RC1, please email me, or the CCNet User’s mailing list with any problems / glitches / etc. with either the application or the documentation.