Posted to users@subversion.apache.org by "Hitzinger, Jozef" <jh...@soitron.com> on 2008/03/06 16:53:43 UTC

How to get --tunnel-user working

Dear SVN community,

We hit a "svnserve -t --tunnel-user" issue in Subversion 1.4.6.


The compiled package comes from HP-UX porting archive
http://hpux.connect.org.uk/hppd/hpux/Development/Tools/subversion-1.4.6/
running on an HP-UX 11.23 pa-risc machine.

svnserve is configured for svn+ssh:// access, with repository under 
account "svn" and authorized_keys as per The Book: 

command="svnserve --tunnel-user user1 -t" \ 
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \ 
ssh-dss <key1.........> 
command="svnserve --tunnel-user user2 -t" \ 
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \ 
ssh-dss <key2.........>

svn commands via svn+ssh://svn@localhost/home/svn/repos are working,
but everything is logged as done by user "svn", i.e. as if the
--tunnel-user option was ignored.


Can someone advise us on how to troubleshoot this?


Thanks,
--
jozef  :-)


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org


Re: How to get --tunnel-user working [SOLVED]

Posted by Ryan Schmidt <su...@ryandesign.com>.
On Mar 7, 2008, at 07:49, Hitzinger, Jozef wrote:

> As last remark, the example on pg. 152 of SVN Book would be better if it
> explicitly mentions that continuation marks mean the text should go
> onto one line
>
> command="svnserve -t --tunnel-user=harry",no-port-forwarding,\
> no-agent-forwarding,no-X11-forwarding,no-pty \
> TYPE1 KEY1 harry@example.com
>
> i.e. that this example is NOT suitable for copy&paste into
> authorized_keys.

Book feedback should be sent to the book mailing list. See the  
heading "Feedback/Contributing" near the bottom of this page:

http://svnbook.red-bean.com/



RE: How to get --tunnel-user working [SOLVED]

Posted by "Hitzinger, Jozef" <jh...@soitron.com>.
Hi John,

thanks for the tip. Although there's only one svnserve on the system,
the advice made me re-check what exactly gets run, and the issue turned
out to be with the authorized_keys file (as half-expected).

Well known to some, and of course documented in sshd_config manual, the
authorized_keys must have the whole entry on one long line, and NOT on
several lines - the "\" continuation doesn't work in this file.

So in our case the command=".." (appearing two lines above key) was
ignored, and svn invoked plain "/usr/bin/svnserve" instead, which made
it more puzzling than if it didn't work at all.


As a last remark, the example on pg. 152 of SVN Book would be better if it
explicitly mentions that continuation marks mean the text should go
onto one line

command="svnserve -t --tunnel-user=harry",no-port-forwarding,\
no-agent-forwarding,no-X11-forwarding,no-pty \
TYPE1 KEY1 harry@example.com

i.e. that this example is NOT suitable for copy&paste into
authorized_keys.


Thanks,
--
jozef  :-)

-----Original Message-----
From: John Peacock [mailto:john.peacock@havurah-software.org] 
Sent: Thursday, March 06, 2008 8:41 PM
To: Hitzinger, Jozef
Cc: users@subversion.tigris.org
Subject: Re: How to get --tunnel-user working

Hitzinger, Jozef wrote:
> command="svnserve --tunnel-user user1 -t" \ 
> no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \ 
> ssh-dss <key1.........> 

I'll bet you have two different svnserve binaries installed.  Change 
that line to point at the 1.4.6. binary (instead of relying on the
path).

John
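
Added example (not part of the original thread or of Subversion): a small Python lint for the failure described above, where sshd reads each authorized_keys line as its own entry, so wrapped options are dropped and the key line stands alone. The function names, key blob and comment are constructed for illustration.

```python
import re

# Common public-key type names (not exhaustive); ssh-dss is the type used in the thread.
KEY_TYPE = re.compile(r'^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-\S+|sk-\S+)$')

def split_options(line):
    """Return (first_field, rest); whitespace inside "..." does not end the field."""
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2                      # escaped quote inside an option value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in ' \t' and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ''

def lint_authorized_keys(text):
    """Return (line_number, problem) pairs; every line is checked as a separate entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.endswith('\\'):
            findings.append((n, 'trailing backslash: continuation is not supported'))
        first, rest = split_options(line)
        if KEY_TYPE.match(first):
            findings.append((n, 'bare key: accepted with no forced command or restrictions'))
        elif not (rest and KEY_TYPE.match(rest.split()[0])):
            findings.append((n, 'no key on this line: these options apply to nothing'))
        elif 'command="' not in first:
            findings.append((n, 'options present but no command= forced command'))
    return findings

# Constructed samples: the key blob and comment are placeholders, not real key material.
BROKEN = r'''command="svnserve --tunnel-user user1 -t" \
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \
ssh-dss AAAAB3PLACEHOLDER user1@example
'''
FIXED = ('command="svnserve --tunnel-user user1 -t",no-port-forwarding,'
         'no-agent-forwarding,no-X11-forwarding,no-pty '
         'ssh-dss AAAAB3PLACEHOLDER user1@example\n')

if __name__ == '__main__':
    for name, sample in (('BROKEN', BROKEN), ('FIXED', FIXED)):
        print(name, lint_authorized_keys(sample))
```

The "bare key" finding on the third line of the wrapped sample is the one that matters for access control: that key is still accepted, but none of the restrictions written above it apply.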




Re: How to get --tunnel-user working

Posted by John Peacock <jo...@havurah-software.org>.
Hitzinger, Jozef wrote:
> command="svnserve --tunnel-user user1 -t" \ 
> no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty \ 
> ssh-dss <key1.........> 

I'll bet you have two different svnserve binaries installed.  Change 
that line to point at the 1.4.6. binary (instead of relying on the path).

John
