RE: How to get --tunnel-user working [SOLVED]

["Hitzinger, Jozef" <jh...@soitron.com>]

Hi John,

thanks for the tip. Although there's only one svnserve on the system,
the 
advice made me re-check what exactly get's run, and the issue turned out
to 
be with the authorized_keys file (as half-expected).

Well known to some, and of course documented in sshd_config manual, the 
authorized_keys must have the whole entry on one long line, and NOT on 
several lines - the "\" continuation doesn't work in this file.

So in our case the command=".." (appearing two lines above key) was
ignored, 
and svn invoked plain "/usr/bin/svnserve" instead, which made it more
puzzling than if it didn't work at all.


As last remark, the example on pg. 152 of SVN Book would be better if it
explicitly mentions that continuation marks mean the text should go
onto one line

command="svnserve -t --tunnel-user=harry",no-port-forwarding,\
no-agent-forwarding,no-X11-forwarding,no-pty \
TYPE1 KEY1 harry@example.com

i.e. that this example is NOT suitable for copy&paste into
authorized_keys.


Thanks,
--
jozef  :-)




-----Original Message-----
From: John Peacock [mailto:john.peacock@havurah-software.org] 
Sent: Thursday, March 06, 2008 8:41 PM
To: Hitzinger, Jozef
Cc: users@subversion.tigris.org
Subject: Re: How to get --tunnel-user working

Hitzinger, Jozef wrote:
> command="svnserve --tunnel-user user1 -t" \ 
> no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \ 
> ssh-dss <key1.........> 

I'll bet you have two different svnserve binaries installed.  Change 
that line to point at the 1.4.6. binary (instead of relying on the
path).

John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org