
Re: TortoiseSVN+TortoisePlink+SSH.

From: Peter Scmsvn <scmsvn_at_gmail.com>
Date: 2006-05-18 21:41:05 CEST

Hi,

it seems to work fine, except it would have been nice not to use that sort
of "hack", but well... It'll do ;)

So as to leave a trace in the userlists, here is the way to do it:

Getting SVN:// protocol tunnelled:
========================

First get an ssh client; TortoisePlink will do fine for that, or you can use
PuTTY, and save your settings in a session name.

Second, set yourself a private/public keypair as explained in all the
tutorials about svn+ssh://

Once you have that set up correctly, open the ssh tunnel to the same port
using the following command:

tortoiseplink -N -L 3690:localhost:3690 -l USER -i "C:\path\to\privatekey.ppk"
(check the tortoiseplink usage to get info on those options).
That command will ensure you don't have an annoying hanging window, and can
help you wrap that command in a clickable script, for instance.

Then you will be able to access your repository using
svn://localhost/path/to/repos/
Using a different port would have required you to add it to the URL
(svn://localhost:10000/...)

But, and this is VERY IMPORTANT, allowing the svn:// protocol server-side
would allow anyone to just type in svn://server/path/to/repos/ and still
freely access your repository.

If you want to restrict access to only the people that have an account on
the machine, you will have to modify your iptables to allow only connections
from the server's localhost on port 3690. So, on the svn server, type:

iptables -A INPUT -p tcp -s 127.0.0.1 --dport 3690 -j ACCEPT
(to accept all incoming from the localhost)

iptables -A INPUT -p tcp --dport 3690 -j REJECT
(to disallow all the others)

Then only SSH will be allowed to ask on port 3690; thus, only people with
an ssh connection on the server will be allowed to use svn://.

With that method, if you have set your svn+ssh:// earlier, you can still use
it, but svn:// is faster (2-3sec, vs 1s)

The only problem with using TortoisePlink as an ssh client is that if you do
not kill it, it will run indefinitely; you might want to add a connection
timeout to sshd on your server.

I hope this will help people out.

--Peter.

On 5/17/06, Eric Hanchrow <offby1@blarg.net> wrote:
>
> I can only vaguely guess what your problem is, but:
>
> You can try tunneling the "svn" protocol over ssh. That will get some
> of the benefits of svn+ssh -- namely, keeping Bad Guys away from your
> server, and encryption of network traffic.
> --
>
> |\ _,,,---,,_
> ZZZzz /,`.-'`' -. ;-;;,_
> |,4- ) )-,_. ,\ ( `'-'
> '---''(_/--' `-'\_) fL
>
Received on Thu May 18 21:41:14 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.
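
The two iptables commands in the mail use -A, which appends to the end of the INPUT chain, so an ACCEPT rule that was already in the chain is matched first and the REJECT for port 3690 never applies. The script below is an added example, not part of the original mail: it walks rules in `iptables -S INPUT` format with first-match semantics and reports what happens to an outside host and to the tunnel's loopback connection. The rule sets are constructed samples, and the names verdict and audit, the address 203.0.113.5 and the interface eth0 are assumptions.

```shell
# Added example (not from the original mail). Constructed rule sets, in the
# format printed by `iptables -S INPUT`.
GOOD='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3690 -j REJECT --reject-with icmp-port-unreachable'
# The same two rules appended (-A) behind a broad ACCEPT that was already there.
SHADOWED='-P INPUT DROP
-A INPUT -p tcp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3690 -j REJECT --reject-with icmp-port-unreachable'

# verdict SRC IFACE: first-match walk of the rules on stdin for a new TCP
# connection to port 3690. Understands -s, -i, -p, --dport and "-m tcp" only;
# a rule that would match but uses anything else yields UNKNOWN, not a guess.
verdict() {
    awk -v src="$1" -v ifc="$2" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        hit = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") { i++; v = $i; sub(/\/32$/, "", v)
                if (v ~ /\//) { target = "UNKNOWN"; break }
                if (v != src) hit = 0 }
            else if ($i == "-i")      { i++; if ($i != ifc) hit = 0 }
            else if ($i == "-p")      { i++; if ($i != "tcp") hit = 0 }
            else if ($i == "--dport") { i++; if ($i != "3690") hit = 0 }
            else if ($i == "-m" && $(i+1) == "tcp") { i++ }
            else if ($i == "-j")      { i++; target = $i; break }
            else                      { target = "UNKNOWN"; break }
        }
        if (hit && target ~ /^(ACCEPT|REJECT|DROP|UNKNOWN)$/) { print target; done = 1; exit }
    }
    END { if (!done) print (policy == "" ? "UNKNOWN" : policy) }'
}

# audit RULES: succeeds only if an outside host is refused on 3690 while the
# loopback connection made by the SSH tunnel is accepted.
audit() {
    ext=$(printf '%s\n' "$1" | verdict 203.0.113.5 eth0)
    loc=$(printf '%s\n' "$1" | verdict 127.0.0.1 lo)
    echo "external=$ext loopback=$loc"
    case "$ext" in REJECT|DROP) [ "$loc" = ACCEPT ] ;; *) return 1 ;; esac
}

for rs in "$GOOD" "$SHADOWED"; do
    audit "$rs" || echo "  -> port 3690 is not limited to the tunnel"
done
```

On the svn server, run it against the live chain as root with audit "$(iptables -S INPUT)". IPv6 traffic is filtered by ip6tables, which these rules do not cover.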