Public Key Authentication in Windows

So you've read my blog entry on Why Enter Passwords? and it changed your life. In Linux. So like 95% of your life is now covered. But you have that Windows machine you need to do some work on for whatever reason, and you don't want to enter your password a bazillion times to do ssh+svn on that, either. Let me break down the specific scenario, and be careful to define the scope of my solution.

* I have a Windows XP client on which I do work.
* I have a Linux server running SVN that I connect to over SSH (known, tested working)
* I want to use Subversion (SVN) with Tortoise to keep files synced.

Background info:

* Subversion rocks. If you want to keep track of changes to files and be able to sync changes and version over multiple computers and/or with multiple people, check it out. http://subversion.tigris.org/
* I recommend using Tortoise SVN (http://tortoisesvn.net) with Windows. It integrates with Explorer and provides a nice interface through the right-click menu to do all the syncing and checking and branching and everything.
* When connecting with Tortoise over ssh, it asks for your password for EVERY OPERATION it does. So if you do the repository explorer, which generates a tree of all the files in the repo, it has to use a bunch of operations to generate that tree. Every single one needs a password. My record so far is 12 in a row.

The Problem:

There's no easy way to install a public key on the server, which would allow you to use password-free authentication.

The Scope:

This solution is based on PuTTY. If you use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) for your general SSH'ing, this solution will work for that. If you use WinSCP (http://winscp.net) for file transfers with a Linux machine, this solution will work for that. It's not just about SVN, it's about the SSH layer, which happens to be powered in this case by the PuTTY family.

The Solution:

The key is PuTTYgen. Go to the PuTTY page and download this separate program. All this program does is generate key pairs. It doesn't magically install them, because Windows doesn't really have a place to "install" personal RSA keys like Linux does. You can save them as files, and that's good enough for my purposes today.

Open up PuTTYgen, select SSH2-RSA at the bottom, and hit the generate button. It'll do some magic and create a keypair. Save them as files somewhere that makes sense to you, and name them something that makes sense. Remember, the difference between the Public and Private keys is VERY IMPORTANT. If you switch the keys, stuff doesn't work. The math only works in one direction (that's actually what makes it secure. Read more: http://en.wikipedia.org/wiki/Public-key_cryptography).

So you have your key files. Now we need to install the public key to the server and set up your local system to use the private key. Let's start with the server. All you need to do is edit a file on the server in your home directory:
~/.ssh/authorized_keys
The way I edited the file was using winSCP. You could log in with putty if you like and do it all in the terminal. Your call. I just recommend you make a backup of the file first. If there's no file, don't worry, it just means you haven't used that feature before and you can just create it now.
The file looks something like this:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtYRBErlkMJvKI7td...
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwOQRBXjn8c...
ssh-dss AAAAB3NzaC1kc3MAAACBAK4Fvd8I50MNZsiWU...

Add a new line at the bottom that starts with "ssh-rsa", has one space, then has your entire public key on one line. If you copy and paste in from the public key file you made earlier, just copy in the bulk part and delete the line returns. The key doesn't actually depend on the line returns; the file is just formatted that way so it's easier to read.

FYI: this method can be used in linux as well if you don't want to use the automatic ssh-copy-id program.
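The copy-and-join step above, as an added example that is not part of the original post: a Python script that reads the public key file PuTTYgen saves, drops the line returns, and produces the single authorized_keys line, refusing the private .ppk file if you hand it that by mistake. The function names and the sample file are constructed for illustration; the sample modulus is filler, not a usable key.

```python
import base64
import struct
import textwrap

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def to_authorized_keys_line(text):
    """Turn a PuTTYgen 'Save public key' file into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines and lines[0].startswith("PuTTY-User-Key-File"):
        raise ValueError("this is the PRIVATE key (.ppk); keep it on the client")
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PuTTYgen (RFC 4716) public key file")
    comment, body, continued = "", [], False
    for ln in lines[1:-1]:
        if continued:                    # rest of a header that ended in '\'
            continued = ln.endswith("\\")
        elif ":" in ln:                  # header, e.g. Comment: "rsa-key-..."
            tag, _, value = ln.partition(":")
            if tag.lower() == "comment":
                comment = value.rstrip("\\").strip().strip('"')
            continued = ln.endswith("\\")
        else:
            body.append(ln)              # wrapped base64; line returns dropped
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)
    # The decoded blob starts with a 4-byte length followed by the key type,
    # so the "ssh-rsa" label is read from the key itself rather than typed in.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("corrupt key data")
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(part for part in (key_type, b64, comment) if part)

def constructed_sample():
    """Constructed file in PuTTYgen's layout; the modulus is filler, not a key."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = (ssh_string(b"ssh-rsa") + ssh_string(b"\x25")
            + ssh_string(b"\x00" + bytes(range(1, 129))))
    b64 = base64.b64encode(blob).decode("ascii")
    return "\n".join([BEGIN, 'Comment: "rsa-key-demo"']
                     + textwrap.wrap(b64, 64) + [END]) + "\n"

if __name__ == "__main__":
    print(to_authorized_keys_line(constructed_sample()))
```

On a server with OpenSSH installed, `ssh-keygen -i -f <file>` performs the same conversion.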

So now the key is installed on the server. Time to set up the client to use it. Open PuTTY. We're going to set up a session with the key and save it.
* On the main page (Categories: Session) enter the Host Name as you normally would.
* Go to the page in the Categories menu: Connection >> SSH >> Auth
* On the Auth page under Authentication Parameters hit "browse" and find your Private key file.
* Select Category: Session again. Under "Saved Session" enter a name for the session and hit "save". Once it's saved it appears in the little menu below. Let's say I named it "dev-svn"

Now when you want to log in with putty, just double-click that saved session and it'll go right in. Enter your username and no password will be needed.

If you want to use WinSCP with the key, you basically do the same thing, except the Private Key file field is right on the front page.

Now back to tortoise. Check out something for the first time by right-clicking in a folder and selecting "SVN checkout."
Here's the trick!
Instead of saying user@servername, you say user@nameOfSavedPuttySession
So my old password-based login would use this address: svn+ssh://user1@shermania.net/home/mark/svn/repos/project
Remember the name of the session in putty was "dev-svn" so the address we're going to use is: svn+ssh://user1@dev-svn/home/mark/svn/repos/project

That's it! It won't ever ask for a password!

Caveats:
* If you don't set a passphrase with your key in PuTTYgen, then you will NEVER need a password. That means anyone who sits down at your computer and can log into it has full access to the server(s) you installed the key on. The computer will never know it's not you. The security of your account on the server now relies on the physical security of the machine.
* If you do set a passphrase with PuTTYgen, Tortoise will ask you for that passphrase on EVERY operation, which brings us back to the original problem. On Linux it just asks you once, and the built-in ssh agent in GNOME remembers for the rest of your session.

Happy geeking!

Reference material: http://tortoisesvn.net/node/5