[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Regarding svn+ssh setup, virtual roots and other options

From: Oded Arbel <oded_at_geek.co.il>
Date: 2006-03-07 16:21:44 CET

Hi.

I'm trying to use Subversion over ssh. I've installed subversion from
Mandriva RPMs, which by default have the repositories
under /var/lib/svn/repositories - which is ok for me, and I got it
working fine using svnserve under xinetd (svn:// urls)

The problem is that when using svn+ssh:// urls the setup is much more
complicated. specifically, if I want to use anything other then the
hardcoded 'svnserve -t', then according to the FAQ I have to setup all
kind of SSH keys on the client side.

I have some problems with that setup -
*) having a central configuration location is better then needing to
configure for each user.
*) I rather not trust my users not to mess up their configurations (by
mistake or on purpose).
*) its a bother to setup for each user.

I was thinking of using the SSH2 subsystem mechanism instead of relying
on the client to call the command correctly. On the face of it its very
simple - I've setup a simple bash script to call svnserve with the
parameters I want to use (tunnel and virtual root for example). Then I
add a subsystem line to the sshd_config file which calls that script
for the svnserve subsystem. Then all I have to do is make sure that
clients use
ssh -s <user>@<host> svnserve
instead of
ssh <user>@<host> 'svnserve -t'

Unfortunately there is no configuration to override the command used
over the tunnel (unless I go the way of the specially crafted keys -
which I didn't want to use in the first place), unlike the tunnel setup
which can be overriden.

So I've setup a patch to libsvn_ra_svn/client.c, to basically remove the
'-t' parameter, so the command is just 'svnserve' (this is just for
testing, I'm not suggesting that this is included in the current
trunk), and then I can checkout using this command:
SVN_SSH="ssh -s" svn co svn+ssh://user@host/myproject/trunk
and it gets to use my keys for auth, and I get virtual roots.

its not entirely what I wanted to get as I want 0 effort on the side of
the client with full flexibility on the server, and currently the
client is required to define SVN_SSH (and patch the subversion client),
but I wanted your opinion on that, if you please ? 

-- 
Oded
::..
Love may not make the world go round, but I must admit that it makes the 
ride worthwhile.
	-- Sean Connery
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Mar 7 16:24:47 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.