You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Eric Abrahamsen <gi...@gmail.com> on 2008/07/26 12:00:17 UTC
ssh authentication
I recently upgraded to 1.5, and compiled a new instance of Apache on
my server, and in the process broke my ssh authentication. I had kept
the authorization file that the AuthUserFile directive pointed to
within the old Apache installation, rather stupidly, and when I over-
wrote that installation I lost the file.
I've still got all the pieces except for that file, but can't for the
life of me get this working again. Here are the other pieces:
client-side .bash-profile:
export SVN_SSH="ssh -i /Users/client-user/.ssh/svnkey"
server-side http.conf:
<Location "/">
Dav svn
SVNParentPath /home/server-user/webapps/svn
AuthType Basic
AuthName "repository"
AuthUserFile /home/server-user/lib/svn-auth-file
Require valid-user
Order deny,allow
Allow from valid-user
Options -Indexes
</Location>
In the original setup, I had no .ssh/authorized_keys file in my server
home. Whatever was doing the authentication was inside svn-auth-file,
or it was pointed to by something in that file. My svnkey.pub public
key must have been on the server, but I can't for the life of me
remember where, or how it was linked in. When I run svn info on one of
my client-side working copies it lists the URL and Repository Root as
plain old http:// URLs, not svn+ssh://, is that to be expected?
Trying to access the repository from my client machine using http://
results in "Authentication Realm <URL> repository" and a request for
my password. When I try via svn+ssh://, it just asks for a password.
I've now copied my public key into .ssh/authorized_keys on my server,
and tried access as both client-username and server-username, and
nothing makes the keys kick in. I've also put command="svnserve -t --
tunnel-user=client-user" at the head of the public key in my
authorized_keys file...
Can someone point out what I'm getting wrong here?
Thanks in advance,
Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: ssh authentication
Posted by Eric Abrahamsen <er...@ericabrahamsen.net>.
Gah, http and svn+ssh are completely different protocols, of course,
and have nothing to do with each other. Whatever I had set up before
wasn't doing what I thought it was doing at all, and my ssh keys
aren't working now for a totally unrelated reason. Please ignore me...
On Jul 26, 2008, at 8:00 PM, Eric Abrahamsen wrote:
> I recently upgraded to 1.5, and compiled a new instance of Apache on
> my server, and in the process broke my ssh authentication. I had
> kept the authorization file that the AuthUserFile directive pointed
> to within the old Apache installation, rather stupidly, and when I
> over-wrote that installation I lost the file.
>
> I've still got all the pieces except for that file, but can't for
> the life of me get this working again. Here are the other pieces:
>
> client-side .bash-profile:
> export SVN_SSH="ssh -i /Users/client-user/.ssh/svnkey"
>
> server-side http.conf:
> <Location "/">
> Dav svn
> SVNParentPath /home/server-user/webapps/svn
> AuthType Basic
> AuthName "repository"
> AuthUserFile /home/server-user/lib/svn-auth-file
> Require valid-user
> Order deny,allow
> Allow from valid-user
> Options -Indexes
> </Location>
>
> In the original setup, I had no .ssh/authorized_keys file in my
> server home. Whatever was doing the authentication was inside svn-
> auth-file, or it was pointed to by something in that file. My
> svnkey.pub public key must have been on the server, but I can't for
> the life of me remember where, or how it was linked in. When I run
> svn info on one of my client-side working copies it lists the URL
> and Repository Root as plain old http:// URLs, not svn+ssh://, is
> that to be expected?
>
> Trying to access the repository from my client machine using http://
> results in "Authentication Realm <URL> repository" and a request for
> my password. When I try via svn+ssh://, it just asks for a password.
> I've now copied my public key into .ssh/authorized_keys on my
> server, and tried access as both client-username and server-
> username, and nothing makes the keys kick in. I've also put
> command="svnserve -t --tunnel-user=client-user" at the head of the
> public key in my authorized_keys file...
>
> Can someone point out what I'm getting wrong here?
>
> Thanks in advance,
> Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org