Posted to users@subversion.apache.org by Stefan Binder <st...@gmx.at> on 2004/03/10 15:41:05 UTC

svn+ssh authentication

Hello,

I'm using Subversion 1.0 on OpenBSD 3.4, and only want svn+ssh access to
the repository, because the connection is over the internet.

I have a question about authentication with ssh connections:
In svnserve.conf I disabled anon access, and let only authenticated
users read + write
(anon-access = none
auth-access = write )

When I connect through TortoiseSVN Client on Windows, it only asks me
for the ssh-password, but not for the repository password.
If svn+ssh is used, is the authentication only over ssh, and I don't
need a rep. password?





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: svn+ssh authentication

Posted by Stefan Binder <st...@gmx.at>.
Ben Collins-Sussman wrote:

>On Wed, 2004-03-10 at 09:41, Stefan Binder wrote:
>
>>When I connect through TortoiseSVN Client on Windows, it only asks me
>>for the ssh-password, but not for the repository password.
>>If svn+ssh is used, is the authentication only over ssh, and I don't
>>need a rep. password?
>
>svn+ssh:// is exactly the same as accessing the repository via file:///
>as yourself.   svn+ssh:// spawns a private 'svnserve' process on the
>server running as *you*, the authenticated SSH user.  So in that
>scenario (just as with file:/// access), the only thing enforcing
>permissions is the operating system itself.  Nothing matters but the
>permissions on the database files themselves.
>
>The svnserve.conf 'passwd-db' variable is only operational when you use
>svnserve's built in CRAM-MD5 authentication, over plain old svn://.  In
>that scenario, svnserve is already running as a fixed user (as a daemon,
>or launched by inetd) with complete read/write access on the database
>files.

Thanks for your fast response!
After I re-read the Subversion book, I found the line "if operating in
"tunnel mode", the client will declare itself to be already externally
authenticated."
So if I had re-read the doc again, I wouldn't have had to bother you. ;)



Re: svn+ssh authentication

Posted by Ben Collins-Sussman <su...@collab.net>.
On Wed, 2004-03-10 at 10:08, Vincent Lefevre wrote:
> On 2004-03-10 09:57:23 -0600, Ben Collins-Sussman wrote:
> > svn+ssh:// is exactly the same as accessing the repository via file:///
> > as yourself.
> 
> Why isn't it called file+ssh:// or ssh+file:// or ssh:// ?

Because the URL schema describes the network protocol being used (the
svn protocol, tunnelled over an ssh connection.)

When I say "exactly the same", I don't literally mean that.  I mean, "in
terms of permissions, it's the same."  Both file:/// and svn+ssh://
access the database files directly, rather than talking to a daemon
process running as a fixed user.




Re: svn+ssh authentication

Posted by Vincent Lefevre <vi...@vinc17.org>.
On 2004-03-10 09:57:23 -0600, Ben Collins-Sussman wrote:
> svn+ssh:// is exactly the same as accessing the repository via file:///
> as yourself.

Why isn't it called file+ssh:// or ssh+file:// or ssh:// ?

-- 
Vincent Lefèvre <vi...@vinc17.org> - Web: <http://www.vinc17.org/> - 100%
validated (X)HTML - Acorn Risc PC, Yellow Pig 17, Championnat International
des Jeux Mathématiques et Logiques, TETRHEX, etc.
Work: CR INRIA - computer arithmetic / SPACES project at LORIA


Re: svn+ssh authentication

Posted by Ben Collins-Sussman <su...@collab.net>.
On Wed, 2004-03-10 at 09:41, Stefan Binder wrote:

> When I connect through TortoiseSVN Client on Windows, it only asks me
> for the ssh-password, but not for the repository password.
> If svn+ssh is used, is the authentication only over ssh, and I don't
> need a rep. password?

svn+ssh:// is exactly the same as accessing the repository via file:///
as yourself.   svn+ssh:// spawns a private 'svnserve' process on the
server running as *you*, the authenticated SSH user.  So in that
scenario (just as with file:/// access), the only thing enforcing
permissions is the operating system itself.  Nothing matters but the
permissions on the database files themselves.

The svnserve.conf 'passwd-db' variable is only operational when you use
svnserve's built in CRAM-MD5 authentication, over plain old svn://.  In
that scenario, svnserve is already running as a fixed user (as a daemon,
or launched by inetd) with complete read/write access on the database
files.
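
Since the operating system is the only thing enforcing access under svn+ssh://, the check that matters is an audit of the repository files themselves. The following is an added example, not code from this thread or from the Subversion project; the repository path and group name passed to audit_repo are assumptions chosen by the administrator.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Nothing here reads svnserve.conf,
# because svn+ssh:// access is gated only by these on-disk permissions.

# audit_repo REPO_DIR GROUP
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_repo() {
    local repo=$1 group=$2 findings
    findings=$(
        # Writable by "other": every local account can alter the repository.
        find "$repo" ! -type l -perm -0002 -exec printf 'world-writable: %s\n' {} \;
        # Outside the shared group: other committers' svnserve cannot use it.
        find "$repo" ! -group "$group" -exec printf 'wrong-group: %s\n' {} \;
        # Directory without group write: group members cannot create files.
        find "$repo" -type d ! -perm -0020 -exec printf 'dir-not-group-writable: %s\n' {} \;
        # Directory without setgid: new files take the committer's primary group.
        find "$repo" -type d ! -perm -2000 -exec printf 'dir-not-setgid: %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage (hypothetical path and group): audit_repo /path/to/repo svn
```

A non-zero return makes the function usable from cron or a post-login check on the server.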






Re: svn+ssh authentication

Posted by Chris Garrett <cg...@degarrah.com>.
Hi Stefan,

After much monkeying around and help from the list I got svn working
with ssh just as you are requesting. The way I understand it you don't
need a daemon running for ssh. You need a valid ssh account and access
permissions to the repository directory(ies). So my setup is like this:

Linux box (saturn):
/srv/svn - svn group has 775 on this and subfolders.

To connect from another machine with TortoiseSVN I had to add my username
and password to the ssh command line. In Windows Explorer:
1. File->TortoiseSVN->Settings
2. Click "Network" tab
3. Under "SSH client:" I added login info so my line looks like:

C:\Program Files\TortoiseSVN\TortoisePlink.exe -l chris -pw <passwd>

Then to browse the repository from Windows Explorer:
1. File->Repo-Browser:
2. I enter: svn+ssh://saturn/srv/svn

And it all works.

I realize that having the login info set up like that is a security risk,
but hey I'm running Windows to begin with!

HTH

CG


Stefan Binder wrote:
> Hello,
> 
> I'm using Subversion 1.0 on OpenBSD 3.4, and only want svn+ssh access to
> the repository, because the connection is over the internet.
>
> I have a question about authentication with ssh connections:
> In svnserve.conf I disabled anon access, and let only authenticated
> users read + write
> (anon-access = none
> auth-access = write )
>
> When I connect through TortoiseSVN Client on Windows, it only asks me
> for the ssh-password, but not for the repository password.
> If svn+ssh is used, is the authentication only over ssh, and I don't
> need a rep. password?