[lmi] How to configure ssh for cvs checkouts from behind a firewall that rejects ':pserver:'

[Wendy Boutin]

These instructions are posted here in response to the firewall
issues with ':pserver:', as discussed in this thread:
  http://lists.nongnu.org/archive/html/lmi/2005-08/msg00018.html
and its most recent impact on lmi, as announced here:
  https://savannah.gnu.org/forum/forum.php?forum_id=4168

These instructions were recently proven clear enough to setup
ssh on three different machines protected by such a firewall.

Use msys: it comes with ssh. Create a key:
   echo "Protocol 2" > ~/.ssh/config
   ssh-keygen -t dsa
Register the key here:
   http://savannah.gnu.org/account/editsshkeys.php

Pick a passphrase that contains uppercase and lowercase letters,
numbers, and punctuation, and is prohibitively hard to guess but
easy for you to remember. Invest enough time to get this right.
You'll never have to change it. Never write it down or share it
with anyone.

You may find this page helpful:
   http://www.geocities.com/h2428/ww/savannah_doc.htm

To change cvs:
   export CVS_RSH=ssh
   export CVSROOT="<your_login_ID>@subversions.gnu.org:/cvsroot/lmi"
   ssh-agent $SHELL
   ssh-add ~/.ssh/id_dsa
   ssh-add -l

Then try
   cvs -z3 co lmi
Probably you'll see
   The authenticity of host 'subversions.gnu.org
(199.232.41.3)' can't be established.
   RSA key fingerprint is
80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5.
   Are you sure you want to continue connecting (yes/no)? y
   Please type 'yes' or 'no'.
At savannah.org you can find the authentic fingerprint. Make sure
it matches before typing 'yes' to preclude a man-in-the-middle
attack. Then you'll see
   Warning: Permanently added
'subversions.gnu.org,199.232.41.3' (RSA) to the list
   of known hosts.
so that you shouldn't have to worry about that again; and then:
   cvs server: Updating lmi

When you're through, terminate ssh:
   ssh-add -D
   ssh-agent -k
so that no one else can impersonate you.