23 April 2008

Notes on accessing Subversion repositories via a custom SSH tunnel

I just spent a little while lost in the weeds as I was updating my server to support my custom svn+ssh setup. Here are my notes, just to help others along. I am trying to keep things simple, so I am running svnserve. I am also running sshd on a non-standard port -- this fact perhaps contributed to the way that I set all of this up. I want my setup to be simple to use on a day-to-day basis.

1. Suppose we have two machines, CLIENT and SERVER.

2. On CLIENT, generate a new ssh-key (KEY) and load it via ssh-agent.

3. I assume that on SERVER you have created a "subversion" user and created the repository in /home/subversion/repo .

4. On CLIENT, in your $HOME/.subversion/config file add the following to the [tunnels] stanza:

custssh = ssh -p your-port-number -l subversion \
-i /your/home/directory/.ssh/id_your_new_KEY

5: On SERVER add your new key to the ~subversion/.ssh/authorized_keys file, but add it in a special way:

command="svnserve --root=/home/subversion
no-agent-forwarding,no-X11-forwarding,no-pty ssh-dsa #$#$#$#$#key-stuff-goes-here-lBB you@somedomain.org

Tip: to prevent you from going off into the weeds, I strongly suggest that you familiarize yourself with the format of this file and ensure that no stray characters end up in this file...

6. And now you can access your Subversion repository like so:

svn co svn+custssh://SERVER/repo/trunk/top-secret-project

This is a very handy way to have things setup.

No comments: