Posted to users@subversion.apache.org by André Hänsel <an...@webkr.de> on 2012/02/12 03:27:12 UTC

svnserve daemon mode + SSH

Hi list,

can I use svnserve in daemon mode (to take advantage of its authorization
mechanisms) and still have the client use an SSH tunnel (probably with
different credentials) to connect to it, so I only have to expose the SSH
port?

I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml
talking about something called "SVN over SSH" but it's not mentioning how to
set it up.

Regards,
André


Re: svnserve daemon mode + SSH

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
You should look into either svn+ssh:// or using svnserve over ssh port
forwarding ('ssh -L').  These are two distinct options. The former is
documented in the book; some of the SSH set-up tips there are applicable
to both modes.

André Hänsel wrote on Sun, Feb 12, 2012 at 03:27:12 +0100:
> Hi list,
> 
> can I use svnserve in daemon mode (to take advantage of its authorization
> mechanisms) and still have the client use an SSH tunnel (probably with
> different credentials) to connect to it, so I only have to expose the SSH
> port?
> 
> I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml
> talking about something called "SVN over SSH" but it's not mentioning how to
> set it up.
> 
> Regards,
> André
> 

Re: svnserve daemon mode + SSH

Posted by Ted Stern <do...@gmail.com>.
On 11 Feb 2012 18:27:12 -0800, André Hänsel wrote:
>
> Hi list,
>
> can I use svnserve in daemon mode (to take advantage of its authorization
> mechanisms) and still have the client use an SSH tunnel (probably with
> different credentials) to connect to it, so I only have to expose the SSH
> port?
>
> I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml
> talking about something called "SVN over SSH" but it's not mentioning how to
> set it up.
>
> Regards,
> André

As Nico has already mentioned, the svn+ssh access mode can be found
in the Red Bean book, "Tunneling over SSH", and specifics may be found
here:

http://svnbook.red-bean.com/en/1.7/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks

The basic idea is that you multiplex all access to the repository
through one account, with a special keypair for each user.

In the 'svnuser' account's ~/.ssh/authorized_keys file, a user's
public key is used to adjust svnserve's --tunnel-user option, to sign
each change with the correct ID.

Ted
-- 
 Frango ut patefaciam -- I break so that I may reveal

Re: svnserve daemon mode + SSH

Posted by Nico Kadel-Garcia <nk...@gmail.com>.
On Sat, Feb 11, 2012 at 9:27 PM, André Hänsel <an...@webkr.de> wrote:
> Hi list,
>
> can I use svnserve in daemon mode (to take advantage of its authorization
> mechanisms) and still have the client use an SSH tunnel (probably with
> different credentials) to connect to it, so I only have to expose the SSH
> port?
>
> I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml
> talking about something called "SVN over SSH" but it's not mentioning how to
> set it up.

It's in the famous Subversion "Red Book", at
http://svnbook.red-bean.com/. It works well: the only difficulty with
it is managing the keys, which needs to be worked out thoughtfully as
a matter of policy file management. The last example, the one that
uses individual keys installed in an svn user account, forced
commands, specific usernames tied to the keys with, and perhaps even
the "--root" directive to provide simpler URLs is the one you want to
use. I've been a strong proponent of it for years because it avoids
Linux and UNIX clients for Subversion storing passwords in cleartext,
as all such clients do by default for HTTP and HTTPS access. It also
can avoid fascinating interactions with Apache setups.

There are performance and configuration trade-offs, but I find it very
useful, especially if I need to publish a freely accessible version of
the repository that can be just plain "http" accessed. This is how
www.sourceforge.net does this.
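
The per-key setup described in the replies above (one shared account, a forced svnserve command and --tunnel-user tied to each public key, optionally --root), as an added example that is not part of the original thread: a shell function that builds the authorized_keys entry and rejects input that could escape the quoted command string. The repository root /srv/svn, the user names and the key are constructed assumptions.

```sh
#!/bin/sh
# Added example: one authorized_keys entry per Subversion user in the shared
# account. SVN_ROOT, user names and the sample key are constructed assumptions.
SVN_ROOT="/srv/svn"   # assumed repository parent, passed to svnserve -r (--root)

# Print the entry for USER and PUBKEY ("type base64 [comment]").
# Returns 1 with nothing on stdout if a field could escape command="...".
svn_key_entry() {
    user=$1
    pubkey=$2
    # The name is embedded in a quoted command string: allow a safe set only.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "rejected user name" >&2; return 1 ;;
    esac
    # Only the first line is parsed; the submitted comment is discarded.
    read -r ktype kdata kcomment <<EOF
$pubkey
EOF
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected key type" >&2; return 1 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected key data" >&2; return 1 ;;
    esac
    # Forced command: the key can only start svnserve in tunnel mode, and
    # svnserve treats USER as the authenticated name for this connection.
    printf 'command="svnserve -t --tunnel-user=%s -r %s",' "$user" "$SVN_ROOT"
    printf 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty '
    printf '%s %s %s\n' "$ktype" "$kdata" "$user"
}

# Constructed sample key (placeholder data, not a usable key).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey0000 alice@laptop'

svn_key_entry alice "$SAMPLE_KEY"
svn_key_entry 'bob",no-pty ssh-rsa' "$SAMPLE_KEY" || echo "bob: not written" >&2
```

Append each printed line to the shared account's ~/.ssh/authorized_keys. On OpenSSH 7.2 or later the four no-* options can be replaced by `restrict`.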