Posted to users@subversion.apache.org by Andrea M <an...@bufera.org> on 2004/02/24 20:40:48 UTC

Setting up svnserve to work with ssh in winXP : a detailed guide (Version 0.1)

I promised this several weeks ago. Consider it a 1.0 release gift.  I am 
posting here mainly to provide a permanent link to the guide. Comments 
and corrections appreciated.

TITLE: Setting up svnserve to work with ssh in winXP : a detailed guide

VERSION: 0.1

WARNING: the author of this guide knows nothing about ssh/security. Use 
at your own risk. Send me comments/mistakes/corrections at 
andrea.m@bufera.org

CREDITS: Some of these instructions were copied, pasted and adapted from 
this page: http://tech.erdelynet.com/cygwin-sshd.html

INTRODUCTION

Why svnserve?

I find it easier and probably less prone to risks to use svnserve than 
apache2. Moreover, I have so far been unable to configure ssh to work 
with apache on XP (but I presume that I would be able to do so with 
enough effort). The main advantage is that you won't need to move around 
and copy dll files every time a new release of subversion comes out (as 
you would have to do if you used apache).

What software will you need besides a standard subversion installation?

You'll need to install cygwin (steps 1-3 below), which turns out to be 
useful for many other reasons (if anything, shell autocompletion). You 
need cygwin to get openssh and cygrunsrv installed on the server, and 
ssh on the client.

What expertise do I need and why should I read this guide?

To a computer expert, everything is pretty straightforward... but only 
once you've done it. I think the only tricky step (one that I wouldn't 
have expected), is #7, and I also spent some time figuring out the 
problem with usernames mentioned in the NOTE of step #10. Some steps 
might be useless (I think #5). Finally, I can't recall exactly what I 
did to automatize the crucial step #6. Before others fill in, simply run 
it manually every time you log on. Let me repeat here the warning I 
mentioned above: the author of this guide knows nothing about 
ssh/security, so repeating these steps may not necessarily add any 
security to your system.

DETAILED STEPS

ON THE SERVER MACHINE

1. Set up your environment for Cygwin. For NT 4, Windows 2000 and Win 
XP, this is done by right-clicking on My Computer and choosing 
Properties. In NT4, it's on the Environment tab. In Windows 2000, it's 
the Environment Variables on the Advanced tab. Add the following setting 
to the System Environment:

     CYGWIN = ntsec tty

Append the following to the existing Path variable:

     Path : ;C:\Cygwin\bin

Note that if you are running NT/2K on FAT(32), the ntsec option for the 
CYGWIN variable won't help you much. In these cases, just set CYGWIN to 
"tty". (Note: Through email, I've been notified that having CYGWIN=ntsec 
actually does make a difference on FAT(32) systems. Geoffrey Hoo)

2. Get the cygwin setup utility from www.cygwin.com. Install it and 
follow the basic instructions to download the standard packages from a 
mirror (this will take quite a bit, depending on your connection)

3. Open cygwin setup again. Click on the "+" next to "Admin" to expand 
it. Click on the word "Skip" next to the word cygrunsrv to install the 
NT/Win2k/XP Cygwin Service Initiator. Install cygwin-doc from "Doc", and 
openssh from "Net".

4. Now, configure the ssh daemon. Open a command prompt, cd to 
c:\cygwin\bin, and run "ssh-host-config -y" to set it up. This step will 
create the necessary configuration files, a privilege separation user 
and the necessary directories. When prompted with "CYGWIN=", type what 
you set CYGWIN to in step 1 (ntsec tty).

5. You will probably want to change permissions and ownership on some files:

     * cd /; chmod -R og-w .
     * chmod og+w /tmp
     * touch /var/log/sshd.log
     * chown system:system /var/log/sshd.log /var/empty /etc/ssh_h*
     * chmod 755 /var/empty

(Note: I am not sure this does anything on windows, but no harm in doing it)

6. Now you are ready to start the service: "net start sshd" (to stop it, 
use "net stop sshd"). (Note: unfortunately, I forgot how I got this step 
to be done automatically every time I reboot the machine. Maybe that's 
because I didn't need to do anything. I hope somebody can fill in on this).

7. Back at your command prompt, type

     cd c:\cygwin\etc

and check the passwd file with a text editor (for example, type "notepad 
passwd"). One of its lines should be the name of an XP user. If not, type

     mkpasswd -l -u username >> passwd

This command will append another line to the passwd file.

IMPORTANT: If you want to create a new user, you first have to create it 
in XP: right-click on My Computer and click on properties/advanced/add 
user and add another user with its password; then go back to 
c:\cygwin\etc and type

     mkpasswd -l -u newusername >> passwd

8. Test the service by running "ssh localhost" and see if you can 
connect using all of the usernames/passwords you set up in step 7.
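
Added example, not part of the original guide: a Cygwin bash script that makes step 7 safe to repeat by appending a passwd entry only when the account is not already listed, and that warns if the CYGWIN value from step 1 lacks ntsec. The function names and the script name are hypothetical; mkpasswd is the tool the guide already uses.

```bash
#!/bin/bash
# Added example: run from a Cygwin bash shell on the server.

# Succeed if FILE (passwd format) has an entry whose first field is exactly USER.
# cut + grep -xF compares whole names literally, so "and" does not match "andrea".
passwd_has_user() {
    local file=$1 user=$2
    cut -d: -f1 "$file" | grep -qxF -- "$user"
}

# Succeed if OPTION appears as a whole word in a CYGWIN-style value.
cygwin_opt_set() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Step 7, made safe to repeat: append an entry only when none exists yet.
ensure_passwd_entry() {
    local file=$1 user=$2
    if passwd_has_user "$file" "$user"; then
        echo "ok: $user already in $file"
    else
        # mkpasswd is the Cygwin tool used in step 7 of the guide.
        mkpasswd -l -u "$user" >> "$file"
    fi
}

# Usage: ./check-step7.sh /etc/passwd username   (script name is hypothetical)
if [ $# -eq 2 ]; then
    cygwin_opt_set "${CYGWIN:-}" ntsec || echo "warning: CYGWIN lacks ntsec" >&2
    ensure_passwd_entry "$1" "$2"
fi
```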

ON THE CLIENT MACHINE

9. If step 8 was successful, go to your client. Repeat steps 1 to 3 on 
the client (I think you need only openssh from cygwin there). Repeat 
step 8 there. If your machine complains about missing files and stuff 
like it, ignore it and go to step 10.

10. Open the Subversion config file in a text editor; it is typically 
in c:\Documents and Settings\[your user name]\Application 
Data\Subversion\ . Remove the # sign at the beginning of the line

     # [tunnels]

A few lines underneath, there is a line like this:

     # ssh = $SVN_SSH ssh

Remove the # from this line too and add -l username, where username is 
the name of a valid user on the server machine, so that the line now 
reads as follows:

     ssh = $SVN_SSH ssh -l username

11. Now test your setup by typing

     svn list svn+ssh://your.server.com/path/to/repository

In XP you'll be prompted to enter the password of the username specified 
in the config file in step 10. WARNING: In a win2k system I tested, the 
whole thing just hangs waiting for your password. You won't even see a 
prompt. Type the password anyway. If successful, you should see your 
repository dir listing. In some systems, if you make a password mistake, 
you'll be prompted for a correction, but you might as well press enter 
again since typing the correct password won't give you a connection. You 
must type the correct password the first time.

NOTE: you cannot run your svn commands with --username since your 
username is already specified in the config file. Omitting -l username 
in config doesn't work either, since ssh is going to use some default 
username rather than picking what you specified in --username.
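
Added example, not part of the original guide: a bash script that applies the step 10 edit to a Subversion config file and prints the result for review. It assumes account names made only of letters, digits, dot, underscore and hyphen, and rejects anything else so the value placed after -l stays a single word; the function names, script name and sample config text are constructed for illustration.

```bash
#!/bin/bash
# Added example: prints an edited copy of the Subversion config; review it
# before replacing the real file.

# Constructed sample of the relevant part of the config file.
sample_config() {
    cat <<'EOF'
### Section for configuring tunnel agents.
# [tunnels]
### Configure svn protocol tunnel schemes here.
# ssh = $SVN_SSH ssh
EOF
}

# Accept only plain account names, so the value stays a single word and
# cannot be read by ssh as an option once it is placed after -l.
valid_username() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *)                       return 0 ;;
    esac
}

# Print FILE with [tunnels] uncommented and the ssh tunnel pinned to USER.
enable_ssh_tunnel() {
    local file=$1 user=$2
    if ! valid_username "$user"; then
        echo "refusing username: $user" >&2
        return 1
    fi
    sed -e 's/^#[[:space:]]*\[tunnels\]/[tunnels]/' \
        -e "s/^#[[:space:]]*ssh[[:space:]]*=.*/ssh = \$SVN_SSH ssh -l $user/" \
        "$file"
}

# Usage: ./enable-tunnel.sh path/to/config username > config.new
if [ $# -eq 2 ]; then
    enable_ssh_tunnel "$1" "$2"
fi
```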





