You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Eric Abrahamsen <gi...@gmail.com> on 2008/07/26 12:00:17 UTC

ssh authentication

I recently upgraded to 1.5, and compiled a new instance of Apache on  
my server, and in the process broke my ssh authentication. I had kept  
the authorization file that the AuthUserFile directive pointed to  
within the old Apache installation, rather stupidly, and when I over- 
wrote that installation I lost the file.

I've still got all the pieces except for that file, but can't for the  
life of me get this working again. Here are the other pieces:

client-side .bash-profile:
export SVN_SSH="ssh -i /Users/client-user/.ssh/svnkey"

server-side http.conf:
<Location "/">
Dav svn
SVNParentPath /home/server-user/webapps/svn
AuthType Basic
AuthName "repository"
AuthUserFile /home/server-user/lib/svn-auth-file
Require valid-user
Order deny,allow
Allow from valid-user
Options -Indexes
</Location>

In the original setup, I had no .ssh/authorized_keys file in my server  
home. Whatever was doing the authentication was inside svn-auth-file,  
or it was pointed to by something in that file. My svnkey.pub public  
key must have been on the server, but I can't for the life of me  
remember where, or how it was linked in. When I run svn info on one of  
my client-side working copies it lists the URL and Repository Root as  
plain old http:// URLs, not svn+ssh://, is that to be expected?

Trying to access the repository from my client machine using http://  
results in "Authentication Realm <URL> repository" and a request for  
my password. When I try via svn+ssh://, it just asks for a password.  
I've now copied my public key into .ssh/authorized_keys on my server,  
and tried access as both client-username and server-username, and  
nothing makes the keys kick in. I've also put command="svnserve -t -- 
tunnel-user=client-user" at the head of the public key in my  
authorized_keys file...

Can someone point out what I'm getting wrong here?

Thanks in advance,
Eric

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: ssh authentication

Posted by Eric Abrahamsen <er...@ericabrahamsen.net>.

Gah, http and svn+ssh are completely different protocols, of course,  
and have nothing to do with each other. Whatever I had set up before  
wasn't doing what I thought it was doing at all, and my ssh keys  
aren't working now for a totally unrelated reason. Please ignore me...


On Jul 26, 2008, at 8:00 PM, Eric Abrahamsen wrote:

> I recently upgraded to 1.5, and compiled a new instance of Apache on  
> my server, and in the process broke my ssh authentication. I had  
> kept the authorization file that the AuthUserFile directive pointed  
> to within the old Apache installation, rather stupidly, and when I  
> over-wrote that installation I lost the file.
>
> I've still got all the pieces except for that file, but can't for  
> the life of me get this working again. Here are the other pieces:
>
> client-side .bash-profile:
> export SVN_SSH="ssh -i /Users/client-user/.ssh/svnkey"
>
> server-side http.conf:
> <Location "/">
> Dav svn
> SVNParentPath /home/server-user/webapps/svn
> AuthType Basic
> AuthName "repository"
> AuthUserFile /home/server-user/lib/svn-auth-file
> Require valid-user
> Order deny,allow
> Allow from valid-user
> Options -Indexes
> </Location>
>
> In the original setup, I had no .ssh/authorized_keys file in my  
> server home. Whatever was doing the authentication was inside svn- 
> auth-file, or it was pointed to by something in that file. My  
> svnkey.pub public key must have been on the server, but I can't for  
> the life of me remember where, or how it was linked in. When I run  
> svn info on one of my client-side working copies it lists the URL  
> and Repository Root as plain old http:// URLs, not svn+ssh://, is  
> that to be expected?
>
> Trying to access the repository from my client machine using http://  
> results in "Authentication Realm <URL> repository" and a request for  
> my password. When I try via svn+ssh://, it just asks for a password.  
> I've now copied my public key into .ssh/authorized_keys on my  
> server, and tried access as both client-username and server- 
> username, and nothing makes the keys kick in. I've also put  
> command="svnserve -t --tunnel-user=client-user" at the head of the  
> public key in my authorized_keys file...
>
> Can someone point out what I'm getting wrong here?
>
> Thanks in advance,
> Eric


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org