Alternative SSH Configuration for Vista and
Windows Server 2003

If you are running Vista or Windows Server 2003 and the normal ssh configuration for Windows has not worked for your installation, the following configuration has been recommended as an alternative that has worked for those operating systems:

1. Download and install a free copy of OpenSSH for Windows.

2. Run ssh-keygen -t rsa (or -t dsa, whichever you prefer).

Note: The SLAC instructions for Linux are:

-t dsa -C username@slac.stanford.edu

3. Upload %HOME%\.ssh\id_rsa.pub (or id_dsa.pub) to slac home directory.

4. In slac home directory do cat id_rsa.pub .ssh\authorized_keys2 (or id_dsa.pub).

5. You should now be able to do passwordless ssh from windows to linux.

6. Everything else for cvs is as always: set CVSROOT and CVS_RSH accordingly, and you are set.

If, when you try to ssh to slac without password, you get an error about permissions being wrong, try to set the permissions on the %HOME%\.ssh\id_rsa (or id_dsa) file so that they mimic Linux's 600 permission, i.e., user has read write access, and nobody else has any kind of access. This should be done by default when ssh-keygen runs, but you never know.

If setting those permissions still doesn't work, then the most likely culprit is that your home directory is on a network drive that openssh can't get correct permissions from and thinks the id_rsa (or id_dsa) file is readable by others. The fix is to move the id_rsa (or id_dsa) to a local drive, and set the permissions there. You then need to let ssh know of the new location by following these steps:

1. Create a file called config in %HOME%\.ssh

2. In %HOME%\.ssh\config add this line: IdentityFile C:\.ssh\id_rsa (change the C:\.ssh\id_rsa to whatever location you moved the id_dsa or id_rsa file).

This should do it, and you should now have passwordless ssh (and cvs access again).

Owned by: Toby Burnett and Navid Golpayegani