You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Ben Reser <be...@reser.org> on 2004/08/02 19:13:59 UTC
Re: using tunnels via svnserve
On Sun, Aug 01, 2004 at 08:25:34PM -0000, mrparity@tigris.org wrote:
> ------- Additional comments from mrparity@tigris.org Sun Aug 1 13:25:33 -0700 2004 -------
> hello,
>
> i'm using svnserve with and without an ssh tunnel. if i use a ssh tunnel the
> user need a direct access to the db files, maybe there is a better solution.
> after the tunnel the clients have access to the repository via file:/// ...
> isn't it much better to connect after the tunnel to the localhost? if this will
> become true, there is no need of sharing the files.
>
> i could imagine this way:
>
> -------- ssh-tunnel --------
> |client|--------------->|server|
> -------- --------
> | ^
> | |
> |----|
> (connection to localhost)
>
> maybe this idea is too far from the reality, than i'm sorry for it and please
> close this issue.
We've talked about doing this before. It just hasn't been taken up by
anyone to actually implement. From my past interest in this I don't
believe that it's going to be terribly easy to add since the existing
tunnel code isn't very compatable with implementing this method of
operation.
--
Ben Reser <be...@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Ben Reser <be...@reser.org>.
On Mon, Aug 02, 2004 at 04:33:28PM -0400, John Peacock wrote:
> Why? It's annoying to kill the tunnel session (since you have to track
> it down using ps) and the sleep doesn't do anything bad to the server.
> The 120 seconds means the tunnel will usually last long enough for me to
> type a short commit message into my editor, but ssh will not close a
> tunnel if there is still activity on it (long checkout or commit).
I find it more annoying to have to script stuff to know to bring the
tunnel up than it is to find the tunnel and kill it when I want to take
it down.
--
Ben Reser <be...@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by John Peacock <jp...@rowman.com>.
Ben Reser wrote:
> On Mon, Aug 02, 2004 at 04:07:07PM -0400, John Peacock wrote:
>
>>ssh -f -L 3690:127.0.0.1:3690 servername sleep 120 2>/dev/null
>>/usr/local/bin/svn "$@"
>>
>>which means the tunnels expire after 120 seconds.
>
>
> People need to stop recommending that sleep syntax. The following
> tunnel won't go away until you kill it and avoids running a sleep
> command on the server:
>
> ssh -f -n -L 3690:127.0.0.1:3690
>
Why? It's annoying to kill the tunnel session (since you have to track
it down using ps) and the sleep doesn't do anything bad to the server.
The 120 seconds means the tunnel will usually last long enough for me to
type a short commit message into my editor, but ssh will not close a
tunnel if there is still activity on it (long checkout or commit).
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Ben Reser <be...@reser.org>.
On Mon, Aug 02, 2004 at 04:07:07PM -0400, John Peacock wrote:
> ssh -f -L 3690:127.0.0.1:3690 servername sleep 120 2>/dev/null
> /usr/local/bin/svn "$@"
>
> which means the tunnels expire after 120 seconds.
People need to stop recommending that sleep syntax. The following
tunnel won't go away until you kill it and avoids running a sleep
command on the server:
ssh -f -n -L 3690:127.0.0.1:3690
--
Ben Reser <be...@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Patrick Plattes <pa...@erdbeere.net>.
On Mon, Aug 02, 2004 at 02:51:57PM -0700, Ben Reser wrote:
> --listen-host 127.0.0.1
i the moment i send the mail, i remebered to this switch.
sorry,
patrick
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Ben Reser <be...@reser.org>.
On Mon, Aug 02, 2004 at 11:43:06PM +0200, Patrick Plattes wrote:
> i even think, that it is much cleaner if the svn client initialize a
> tunnel. to make sure, that all the user use a tunnel the svnserve need
> a switch to refuse all connections witch are not from the localhost. i
> know this could be done by iptables, but we shouldn't need to install a
> firewall to do that - imho.
--listen-host 127.0.0.1
--
Ben Reser <be...@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Patrick Plattes <pa...@erdbeere.net>.
On Mon, Aug 02, 2004 at 04:07:07PM -0400, John Peacock wrote:
> Eric Hanchrow wrote:
>
> but it would be nicer if the svn client could initiate its own tunnel
> (so that you won't have backgrounded tunnels floating about).
i even think, that it is much cleaner if the svn client initialize a
tunnel. to make sure, that all the user use a tunnel the svnserve need
a switch to refuse all connections witch are not from the localhost. i
know this could be done by iptables, but we shouldn't need to install a
firewall to do that - imho.
greetings,
patrick
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by John Peacock <jp...@rowman.com>.
Eric Hanchrow wrote:
> Couldn't you just use ssh port forwarding?
>
> ssh -N -L3690:localhost:3690 wherever &
> svn co svn://localhost/whatever
>
That mode of operation is in the FAQ already:
http://subversion.tigris.org/project_faq.html#paranoid
but it would be nicer if the svn client could initiate its own tunnel
(so that you won't have backgrounded tunnels floating about). Actually,
I am using something similar, as script called 'svn':
ssh -f -L 3690:127.0.0.1:3690 servername sleep 120 2>/dev/null
/usr/local/bin/svn "$@"
which means the tunnels expire after 120 seconds.
John
--
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD 20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: using tunnels via svnserve
Posted by Eric Hanchrow <of...@blarg.net>.
Couldn't you just use ssh port forwarding?
ssh -N -L3690:localhost:3690 wherever &
svn co svn://localhost/whatever
--
... there are any number of partisan Democrats lurking in
engineering departments and liberal moles in software-writing
offices.
-- Molly Ivins
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org