Tuesday, September 27, 2005

Using pub/priv key w/ Modwest

I was never able to get the instructions from http://www.modwest.com/help/kb20-90.html to work. Here is the method I used to get things going...
NOTE: If you move to a new machine and your old keys do not work, simply follow the instructions below. The name of the public key file does not matter, since the CONTENTS of the file are what has to be added to the authorized_keys files. Just make sure you don't overwrite the original contents of authorized_keys, so you do not disturb existing users.

- download all putty tools from http://the.earth.li/~sgtatham/putty/latest/x86/putty.zip
- Unzip the contents into C:\bin (creating the folder if necessary)
- Create a C:\home folder
- Create a C:\home\.ssh folder. NOTE: You need to drop into the DOS command shell to create a folder starting with a period. (C:\> md C:\home\.ssh)
- Create a system environment variable HOME set to C:\home
- Add C:\bin to your PATH system environment variable
- Launch C:\bin\PUTTYGEN.EXE
- Create an SSH2 DSA key, 1023 bits
- Do NOT add a passphrase
- Save the private key to C:\home\.ssh, giving it the name of the user account on the server where you're connecting (e.g. C:\home\.ssh\ctello2.ppk)
- Save the public key to C:\home\Public Keys\ctello2.pub
- Open C:\home\Public Keys\ctello2.pub, and modify it as follows...
  * Remove the first two lines and the last line - leave only the raw "gobbledygook" data
  * Remove all the line feeds
  * Add "ssh-dss " (without quotes - NOTICE THE SPACE!!!) BEFORE the "gobbledygook" data
  * Add " dsa-key-20050627" (without quotes - NOTICE THE SPACE!!! - adjust the date) AFTER the "gobbledygook" data
- Now log in to the remote system and make sure that in your home directory there is a subdirectory named: /.ssh (include the period '.' before the 'ssh'). You may need to create this directory. To see it, you will need to type: ls -al
The .ssh directory should be chmod 700, which looks like this in the first column of a detailed file listing: -rwx------
If those are not the permissions on the .ssh dir, then set them by typing: chmod 700 .ssh
- If there are "/.ssh/authorized_keys" and "/.ssh/authorized_keys2" files, then just copy the contents of your "C:\home\Public Keys\ctello2.pub" file to BOTH "/.ssh/authorized_keys" and "/.ssh/authorized_keys2".
- If the files do not exist, copy your "authorized_keys" file 2x to the server, naming one "/.ssh/authorized_keys2" and the other "/.ssh/authorized_keys". Once the files are uploaded to the remote system, chmod 600 the two files (e.g. chmod 600 /.ssh/authorized_keys), which looks like this in the first column of a detailed file listing: -rw-------
- Run Putty
- Create a new connection with IP "shell.modwest.com", port 22, SSH
- Run C:\bin\PAGEANT.EXE - it will show up as an icon in the system tray
- Right click on the icon and select "add key"
- Select your private key (e.g. C:\home\.ssh\ctello2.ppk)
- Connect to the server - you should NOT be asked for the password
- Try using CVS - you should NOT be asked for a password
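
The hand edit of the .pub file described in the list above (drop the BEGIN, Comment and END lines, join the data, add the key type and comment) can be scripted. The following is an added example, not part of the original post; it goes one step further than the text by reading the key type from the key data itself instead of assuming "ssh-dss", and it appends to authorized_keys without overwriting existing entries. The function names and the sample key are constructed for illustration, and the sample is not a usable key.

```python
import base64
import os

def rfc4716_to_openssh(text):
    """Turn a PuTTYgen 'SSH2 PUBLIC KEY' file into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (len(lines) < 3 or not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY")
            or not lines[-1].startswith("---- END SSH2 PUBLIC KEY")):
        raise ValueError("not an SSH2 PUBLIC KEY file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line, i = lines[i], i + 1
        if ":" in line:  # header line, e.g. Comment: "..." (base64 never has ':')
            while line.endswith("\\") and i < len(lines) - 1:
                line, i = line[:-1] + lines[i], i + 1  # header continues
            tag, value = line.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            body.append(line)  # one line of base64 key data
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    # The key data starts with a 4-byte length and the algorithm name.
    n = int.from_bytes(blob[:4], "big")
    if not 0 < n <= len(blob) - 4:
        raise ValueError("key data is truncated or corrupt")
    algo = blob[4:4 + n].decode("ascii")
    return " ".join(p for p in (algo, b64, comment) if p)

def append_key(path, key_line):
    """Append key_line to path unless it is already there; never truncates."""
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    if key_line.split()[1] in existing:
        return False  # key already authorized, nothing to do
    with open(path, "a", newline="\n") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")  # keep the previous user's last line intact
        fh.write(key_line + "\n")
    os.chmod(path, 0o600)
    return True

# Constructed sample (not a real key): algorithm name plus 40 filler bytes.
SAMPLE_BLOB = (7).to_bytes(4, "big") + b"ssh-dss" + bytes(range(40))
B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_PUB = "\n".join(
    ["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "dsa-key-20050627"']
    + [B64[k:k + 16] for k in range(0, len(B64), 16)]
    + ["---- END SSH2 PUBLIC KEY ----"])
```

Run append_key on the server (or on a downloaded copy of the file) once for authorized_keys and once for authorized_keys2.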

Checkout from CVS to web folder

- CVS kind of forces us to check out to /htdocs/{projectname}/index.php instead of /htdocs/www/index.php. There might be a way around this (I'm sure there is), but we did not find it.
To work around that, we removed the symbolic link at Modwest that sends everything to www, and put in a symbolic link pointing to {projectname}, so that www.oursite.com takes index.php from /htdocs/{projectname}/index.php. The commands we used to do this, using the {projectname} of e.g. myproj, were...
rm -f _
ln -s myproj _

- the cvs checkout command needs the -d option to specify where the CVSROOT dir is

- the cvs command needs to have the current directory set to the directory where checkout should occur.

- We wanted to force the checkout by calling a URL, therefore our first attempt was to write a PHP script like this...
passthru ("cd /htdocs");
passthru ("cvs -d /cvs checkout myproj");
...and put this in the /htdocs/myproj directory and call it via www.oursite.com/checkout.php. This failed, however, since the cvs command always used the PHP script directory instead of the directory specified in the cd command: each passthru call starts its own shell, so the cd does not carry over to the next call. Therefore, we wrote a shell script, checkoutCmd, and call that script instead.
passthru ("./checkoutCmd");

- To make the checkoutCmd script, we did the following...
cd /htdocs/myproj
vi checkoutCmd
...and the script you create with vi is...
#!/bin/sh
# Change to the checkout target first; stop if that fails.
cd /htdocs || exit 1
cvs -d /cvs checkout myproj
...save the file, and do...
chmod 755 checkoutCmd
...and run it as follows...

Checkout to the web server folder can now be done via www.oursite.com/checkout.php