You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Will Shackleford <sh...@cme.nist.gov> on 2010/06/16 19:41:05 UTC
multiple ssh connections
We have a lot of trouble with the fact that subversion needs to use
multiple ssh connections to do a
single svn update. Our firewall only allows one connection through
before you have to login to the firewall
again. (which is an incredible pain)
Also tortoisesvn doesn't seem to be integrated with an ssh-agent so the
windows users need to
type their username and password 3 times even when not going through the
firewall.
Directly accessing the repository files or using the pserver are not
really options for us, given the
need to administer users and open up the network ports etc.
Is there a way it can be reconfigured now to use only a single ssh
connection now or
should submit and issue for this to be fixed later?
-- Will
Re: multiple ssh connections
Posted by Stefan Sperling <st...@elego.de>.
On Wed, Jun 16, 2010 at 04:14:50PM -0500, Ryan Schmidt wrote:
>
> On Jun 16, 2010, at 14:41, Will Shackleford wrote:
>
> > We have a lot of trouble with the fact that subversion needs to use multiple ssh connections to do a
> > single svn update. Our firewall only allows one connection through before you have to login to the firewall
> > again. (which is an incredible pain)
> > Also tortoisesvn doesn't seem to be integrated with an ssh-agent so the windows users need to
> > type their username and password 3 times even when not going through the firewall.
> >
> > Directly accessing the repository files or using the pserver are not really options for us, given the
> > need to administer users and open up the network ports etc.
> >
> > Is there a way it can be reconfigured now to use only a single ssh connection now or
> > should submit and issue for this to be fixed later?
>
> Neither, probably. Subversion uses multiple ssh connections. I doubt this will change. But I'm just a user, not a developer.
>
> You should probably file a bug report with whoever configured your firewall to work that way, because it is not compatible with how Subversion uses ssh.
>
> You could also consider using http or https instead of ssh.
OpenSSH supports connection multiplexing, which may help here.
It allows running an arbitrary amount of SSH sessions over a single
SSH connection. See the ssh_config man page for documentation of the
"ControlMaster" option:
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config
Make sure to run Subversion 1.6.5 or later when using SSH connection
multiplexing. Else you will run into a known bug which prevents
successful interaction of svn and SSH connection multiplexing.
You may need Cygwin to run OpenSSH on Windows.
TortoiseSVN can work with an ssh-agent such as OpenSSH's ssh-agent, or
pagaent, to avoid repeated password prompts. This link might help:
http://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-ssh-howto.html
Stefan
Re: multiple ssh connections
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Jun 16, 2010, at 14:41, Will Shackleford wrote:
> We have a lot of trouble with the fact that subversion needs to use multiple ssh connections to do a
> single svn update. Our firewall only allows one connection through before you have to login to the firewall
> again. (which is an incredible pain)
> Also tortoisesvn doesn't seem to be integrated with an ssh-agent so the windows users need to
> type their username and password 3 times even when not going through the firewall.
>
> Directly accessing the repository files or using the pserver are not really options for us, given the
> need to administer users and open up the network ports etc.
>
> Is there a way it can be reconfigured now to use only a single ssh connection now or
> should submit and issue for this to be fixed later?
Neither, probably. Subversion uses multiple ssh connections. I doubt this will change. But I'm just a user, not a developer.
You should probably file a bug report with whoever configured your firewall to work that way, because it is not compatible with how Subversion uses ssh.
You could also consider using http or https instead of ssh.
RE: multiple ssh connections
Posted by Jeremy Mordkoff <jl...@ZeeVee.Com>.
Another option is to establish a single SSH session using port mapping
and then run all of your SVN traffic across that.
Something like
ssh -L 3690:svn_server:3690 ssh_server
svn svn://localhost/....
The first line says take any traffic destined for the svn port on my
machine and send it to the svn port on the svn server at the other end
of an SSH tunnel.
The second line says pretend my svn server is local
JLm
Re: multiple ssh connections
Posted by Les Mikesell <le...@gmail.com>.
On 6/16/2010 5:08 PM, Hyrum K. Wright wrote:
>>>
>>> The Subversion client has a bad habit of treating repository access
>>> connections (whether they be http, svn, or something else) as cheap
>>> resources. Of course this is an invalid assumption, but it hasn't yet
>>> been addressed by the developers.
>>
>> I'm not sure subversion is the right tool in the first place if you can't
>> arrange good network connectivity.
>
> I was speaking more to the fact that repository access sessions can be
> expensive to initiate. Treating them as near-zero-cost when they
> aren't leads to a lot of waste.
I understand and agree that it could be improved but it still seems like
you are fixing the wrong problem if it is hard enough to establish a
connection that it bothers you.
--
Les Mikesell
lesmikesell@gmail.com
Re: multiple ssh connections
Posted by "Hyrum K. Wright" <hy...@mail.utexas.edu>.
On Wed, Jun 16, 2010 at 4:46 PM, Les Mikesell <le...@gmail.com> wrote:
> On 6/16/2010 4:21 PM, Hyrum K. Wright wrote:
>>
>> The Subversion client has a bad habit of treating repository access
>> connections (whether they be http, svn, or something else) as cheap
>> resources. Of course this is an invalid assumption, but it hasn't yet
>> been addressed by the developers.
>
> I'm not sure subversion is the right tool in the first place if you can't
> arrange good network connectivity.
I was speaking more to the fact that repository access sessions can be
expensive to initiate. Treating them as near-zero-cost when they
aren't leads to a lot of waste.
-Hyrum
Re: multiple ssh connections
Posted by Les Mikesell <le...@gmail.com>.
On 6/16/2010 4:21 PM, Hyrum K. Wright wrote:
>
> The Subversion client has a bad habit of treating repository access
> connections (whether they be http, svn, or something else) as cheap
> resources. Of course this is an invalid assumption, but it hasn't yet
> been addressed by the developers.
I'm not sure subversion is the right tool in the first place if you
can't arrange good network connectivity.
> A couple of us talked last week
> over dinner about the potential of being more intelligent about
> reusing connections, but there isn't any definite timetable to do so.
Maybe something more drastic like git-svn would be a better approach if
you have to think twice about making a connection. I'm not sure how it
handles the remote repository connection when you need it, though.
If it is just a matter of firewall restrictions, maybe the people that
need them could arrange some sort of vpn to bypass it.
--
Les Mikesell
lesmikesell@gmail.com
Re: multiple ssh connections
Posted by "Hyrum K. Wright" <hy...@mail.utexas.edu>.
On Wed, Jun 16, 2010 at 2:41 PM, Will Shackleford <sh...@cme.nist.gov> wrote:
>
>
> We have a lot of trouble with the fact that subversion needs to use multiple
> ssh connections to do a
> single svn update. Our firewall only allows one connection through before
> you have to login to the firewall
> again. (which is an incredible pain)
> Also tortoisesvn doesn't seem to be integrated with an ssh-agent so the
> windows users need to
> type their username and password 3 times even when not going through the
> firewall.
>
> Directly accessing the repository files or using the pserver are not really
> options for us, given the
> need to administer users and open up the network ports etc.
>
> Is there a way it can be reconfigured now to use only a single ssh
> connection now or
> should submit and issue for this to be fixed later?
The Subversion client has a bad habit of treating repository access
connections (whether they be http, svn, or something else) as cheap
resources. Of course this is an invalid assumption, but it hasn't yet
been addressed by the developers. A couple of us talked last week
over dinner about the potential of being more intelligent about
reusing connections, but there isn't any definite timetable to do so.
So yes, Subversion could be better, but there are other things of
higher priority to the devs right now.
-Hyrum