Notes on accessing SVN over SSH |


Here are my notes how I set up SVN over SSH to an SVN server that had been set up to run SVN as a single user, "svn".

So, we have multiple users on the remote side, all logging in as "svn" on the SVN server side.
Authentication is done via a dedicated key-pair, with special options to make SVN+SSH work.

See http://svn.collab.net/repos/svn/trunk/notes/ssh-tricks for more details.

These are just my notes, the above link is authoritative.


Procedure:

1. Generate a dedicated key pair

	[SVN Client]$ ssh-keygen -f ~/.ssh/svnssh
	Generating public/private rsa key pair.
	Created directory '/home/tsalolia/.ssh'.
	Enter passphrase (empty for no passphrase):
	Enter same passphrase again:
	Your identification has been saved in /home/tsalolia/.ssh/svnssh.
	Your public key has been saved in /home/tsalolia/.ssh/svnssh.pub.
	The key fingerprint is:
	...
	[SVN Client]$ 



2.  Set your SVN_SSH env var to use the private key from above.   For example:

	SVN_SSH="ssh -i /home/tsalolia/.ssh/svnssh"

Add this to your .bashrc

3. Add the public key from above into "svn" user's .ssh/authorized_keys2 file on the SVN server.

The key has to be suffixed with a command specifying snvserve, its tunnel option, SVN repo root, and tunnel user.   Example:


	[SVN Server]$ cat ~svn/.ssh/authorized_keys2
	command="/usr/bin/svnserve -t -r /svn/repos --tunnel-user=tsalolia" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxX9+oN0yiTCy7bJWxeQtamlEvMW/NZC7U2MGA7OLC+rrziWy0Wlvmj6HizoSMdGk2CPFKoM50xh8+1I5YK1dCBYttWlu9vH7qVuT6WWaQqnnRXPq1t9CSJw/zg8kz+5fv1wlvR+6Qmn2YLoDhw2LVcDsffptDVghrNBnN2hOhwmPXI8op7UxQfv3EWuNEl4niE4osp8hdhgOCkfRq/cX4GgqPF7tR5Q9r8FMpPr4fsvh7rztPFeQrf27a/W8gPZvjFU41zhfFyY+kXvWrL8g6sRoiHRzpyIUyMQlIiLeNchRZfYu9f7y7WiI845HAnN6njrSS4OJkVmIt2wW7R37Ew== tsalolia@xxx
	[SVN Server]$



4. connect using svn user on the SVN server.  Example:

	svn checkout svn+ssh://svn@10.10.10.10/trunk alekseytest

SVN will ask you for your SSH password each time it connects to the SVN server.


4b. If that  bugs you, you can use ssh-agent to cache the password:

For example, run "ssh-agent /bin/bash"

Then run "ssh-add" to have it cache your password

Then svn checkout over SSH will not ask you for password.

That cache will last until you exit your "/bin/bash" process.

Aleksey_Tsalolikhin	spp
Kacoroski, Ski	Damon, Lee
Boris, John	tep
borwick	caseybea
jessetrucks	LOPSA Blogs Admin
McCullough, Mark	hcoyote
stpierre	trey
Matt_Simmons	fatherlinux
nhruby	lois
Constantine, Craig	wnl
jdetke	drich
mhalligan	doug
jlothian	jennine
Philip Kizer	jeremyc
lufthans	English, Paul
moose	warner
Evan_Pettrey	villyard
asachs228	nicolefv
wbilancio	nickanderson
unicityd	mharlow
allberyb	d_white
apthorpe	mdisney
mjulian	solarce
nnmiller	TheDreamer
morgajel	jgsmith