How to setup Maven to connect with CVS using public key authentication?

Question

I have a section in a POM that looks something like this:

<scm>
 <connection>scm:cvs:ext:myhostname:/cvsroot/repo:module_name</connection>
</scm>

I typically use publickey auth to authentication against this cvs server, although it should accept my password as well.

When I attempt to run mvn scm:update, mvn release:prepare, or any other Maven goal that involves connecting to this scm, I get the following failure:

[INFO] Executing: cmd.exe /X /C "cvs -z3 -f -q update -d"
[INFO] Working directory: C:\Documents and Settings\matt\workspace\projectname
org.netbeans.lib.cvsclient.connection.AuthenticationException: Cannot authenticate. Reason: Publickey authentication failed.
    at org.apache.maven.scm.provider.cvslib.cvsjava.util.ExtConnection.open(ExtConnection.java:136)
    at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.connect(CvsConnection.java:166)
    at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.processCommand(CvsConnection.java:498)
    at org.apache.maven.scm.provider.cvslib.cvsjava.command.update.CvsJavaUpdateCommand.executeCvsCommand(CvsJavaUpdateCommand.java:53)
    at org.apache.maven.scm.provider.cvslib.command.update.AbstractCvsUpdateCommand.executeUpdateCommand(AbstractCvsUpdateCommand.java:78)
    at org.apache.maven.scm.command.update.AbstractUpdateCommand.executeCommand(AbstractUpdateCommand.java:63)
    at org.apache.maven.scm.command.AbstractCommand.execute(AbstractCommand.java:59)
    at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.executeCommand(AbstractCvsScmProvider.java:750)
    at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.update(AbstractCvsScmProvider.java:348)
    at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:821)
    at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:770)
    at org.apache.maven.scm.manager.AbstractScmManager.update(AbstractScmManager.java:526)
    at org.apache.maven.scm.plugin.UpdateMojo.execute(UpdateMojo.java:89)

(lots more of the stacktrace....)

And further down in the stacktrace:

Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password?
    at ch.ethz.ssh2.crypto.PEMDecoder.removePadding(PEMDecoder.java:109)
    at ch.ethz.ssh2.crypto.PEMDecoder.decryptPEM(PEMDecoder.java:286)
    at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:319)

Followed by:

[ERROR] Provider message:
[ERROR] The cvs command failed.
[ERROR] Command output:

I'm running this on a Windows machine, with no cvs executable on the PATH. I do have my public key available under $HOME/.ssh, but it doesn't seem as if cvs/maven/scm is loading it here - as I'm not asked for the keyphrase for it.

So my question is ... is there anything special I need to do with Maven or the SCM/CVS provider to get it to recognize where my public key is installed, or how to actually use it? Currently it doesn't seem as if it is even being used as I am not prompted for it's passphrase.

Answer 1

I solved this by executing the cvs+ssh login command from the console before using maven. This added the magic numbers to $home/.ssh for the automated login to work.

If this is because of a self-signed cert, check out the InstallCert code on how to add the self signed cert to the client. Or this example on how to replace the default X509 Trust code.

Answer 2

So after debugging this a bit more, and downloading the source code for the maven-scm-provider-cvs package, I discovered that the CVS library used by this plugin uses the empty string ("") for the passphrase value if it finds your private key. To use the correct passphrase, the library expects you to set a System property with the key name maven.scm.cvs.java.ssh.passphrase.

So, if I run my scm:status goal like so:

mvn scm:status -Dmaven.scm.cvs.java.ssh.passphrase=<my passphrase>

I'm able to connect to CVS.

Gee - I really wish this was documented!