
Setting up svnserve to work with ssh in winXP : a detailed guide (Version 0.1)

From: Andrea M <andrea.m_at_bufera.org>
Date: 2004-02-24 21:40:48 CET

I promised this several weeks ago. Consider it a 1.0 release gift. I am
posting here mainly to provide a permanent link to the guide. Comments
and corrections appreciated.

TITLE: Setting up svnserve to work with ssh in winXP : a detailed guide

VERSION: 0.1

WARNING: the author of this guide knows nothing about ssh/security. Use
at your own risk. Send me comments/mistakes/corrections at
andrea.m@bufera.org

CREDITS: Some of these instructions were copied, pasted and adapted from
this page http://tech.erdelynet.com/cygwin-sshd.html

INTRODUCTION

Why svnserve?

I find it easier and probably less prone to risks to use svnserve than
apache2. Moreover, I have so far been unable to configure ssh to work
with apache on XP (but I presume that I would be able to do so with
enough effort). The main advantage is that you won't need to move around
and copy dll files every time a new release of subversion comes out (as
you would have to do if you used apache).

What software will you need besides a standard subversion installation?

You'll need to install cygwin (steps 1-3 below) which turns out to be
useful for many other reasons (if anything, shell autocompletion). You
need cygwin to get openssh and cygrunsrv installed on the server, and
ssh on the client.

What expertise do I need and why should I read this guide?

To a computer expert, everything is pretty straightforward... but only
once you've done it. I think the only tricky step (one that I wouldn't
have expected), is #7, and I also spent some time figuring out the problem
with usernames mentioned in the NOTE of step #10. Some steps might be
useless (I think #5). Finally, I can't recall exactly what I did to
automate the crucial step #6. Before others fill in, simply run it
manually every time you log on. Let me repeat here the warning I
mentioned above: the author of this guide knows nothing about
ssh/security, so repeating these steps may not necessarily add any
security to your system.

DETAILED STEPS

ON THE SERVER MACHINE

1. Set up your environment for Cygwin. For NT 4, Windows 2000 and Win
XP, this is done by right-clicking on My Computer and choosing
Properties. In NT4, it's on the Environment tab. In Windows 2000, it's
the Environment Variables on the Advanced tab. Add the following setting
to the System Environment:

     CYGWIN = ntsec tty

Append the following variable to contain the following:

     Path : ;C:\Cygwin\bin

Note that if you are NT/2K on FAT(32), the ntsec option for the CYGWIN
variable won't help you much. In these cases, just set CYGWIN to "tty".
(Note: Through email, I've been notified that having CYGWIN=ntsec
actually does make a difference on FAT(32) systems. Geoffrey Hoo)

2. Get the cygwin setup utility from www.cygwin.com. Install it and
follow the basic instructions to download the standard packages from a
mirror (this will take quite a bit, depending on your connection)

3. Open cygwin setup again, Click on the "+" next to "Admin" to expand
it. Click on the word "Skip" next to the word cygrunsrv to install the
NT/Win2k/XP Cygwin Service Initiator. Install cygwin-doc from "Doc", and
openssh from "Net".

4. Now, configure the ssh daemon. Open a command prompt. Cd to c:\cygwin\bin
Run "ssh-host-config -y" to set it up. This step will create necessary
configuration files, a privilege separation user and necessary
directories. When prompted with "CYGWIN=" type what you set CYGWIN to in
step 1 (ntsec tty).

5. You will probably want to change permissions and ownership on some files:

     * cd /; chmod -R og-w .
     * chmod og+w /tmp
     * touch /var/log/sshd.log
     * chown system:system /var/log/sshd.log /var/empty /etc/ssh_h*
     * chmod 755 /var/empty

(Note: I am not sure this does anything on windows, but no harm in doing it)

6. Now you are ready to start the service: "net start sshd" (to stop it
use "net stop sshd"). (Note: unfortunately, I forgot how I got this step
to be done automatically every time I reboot the machine. Maybe that's
because I didn't need to do anything. I hope somebody can fill in on this).

7. Back to your command prompt, type

     cd c:\cygwin\etc

and check the passwd file with a text editor (for example, type "notepad
passwd").
One of its lines should be the name of an XP user. If not, type

     mkpasswd -l -u username >> passwd

This command will append another line to the passwd file.
IMPORTANT: If you want to create a new user you first have to create it
in xp: right click on my computer and click on properties/advanced/add
user and add another user with its password; then go back to
c:\cygwin\etc and type

     mkpasswd -l -u newusername >> passwd

8. Test the service by running "ssh localhost" and see if you can
connect using all of the usernames/passwords you set up in step 7

ON THE CLIENT MACHINE

9. If step 8 was successful, go to your client. Repeat steps 1 to 3 on
the client (I think you need only openssh from cygwin there). Repeat
step 8 there. If your machine complains about missing files and stuff
like it, ignore it and go to step 10.

10. Open in a text editor the subversion config file, which should be
typically in c:\Documents and Settings\[your user name]\Application
Data\Subversion\ , remove the # sign at the beginning of the line

     # [tunnels]

a few lines underneath there is a line like this

     # ssh = $SVN_SSH ssh

remove the # from this line too and add -l username
where username is the name of a valid user on the server machine so that
the line now reads as follows:

     ssh = $SVN_SSH ssh -l username

11. Now test your setup by typing

     svn list svn+ssh://your.server.com/path/to/repository

In xp you'll be prompted to enter the password of the username specified
in the config file in step 10. WARNING: In a win2k system I tested, the
whole thing just hangs waiting for your password. You won't even see a
prompt. Type the password anyway. If successful, you should see your
repository dir listing. In some systems, if you make a password mistake,
you'll be prompted for a correction, but you might as well press enter
again since typing the correct password won't give you a connection. You
must type the correct password the first time.

NOTE: you cannot run your svn commands with --username since your
username is already specified in the config file. Omitting -l username
in config doesn't work either since ssh is going to use some default
username rather than picking what you specified in --username

Received on Tue Feb 24 21:49:31 2004

This is an archived mail posted to the Subversion Users mailing list.
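
The config edit from step 10, scripted for the Cygwin shell installed in steps 1-3. This is an added example, not part of the original mail or of Subversion; the function name enable_svn_ssh_tunnel, the username rule and the sample config text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: enable the [tunnels] ssh line from step 10 in a Subversion
# client config file. Keeps a .bak copy and is safe to run more than once.
enable_svn_ssh_tunnel() {
    config=$1
    user=$2
    # The name ends up on the ssh command line, so accept only plain account
    # names (assumed rule): no leading dash, no spaces or shell characters.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "refusing username: $user" >&2; return 2 ;;
    esac
    [ -f "$config" ] || { echo "no such file: $config" >&2; return 1; }
    tmp=$config.tmp.$$
    awk -v line="ssh = \$SVN_SSH ssh -l $user" '
        # Uncomment (or keep) the section header.
        /^#?[ \t]*\[tunnels\]/ { print "[tunnels]"; in_t = 1; seen = 1; next }
        # Any other section header ends [tunnels]; add the line if still missing.
        /^#?[ \t]*\[/ { if (in_t && !done) { print line; done = 1 }; in_t = 0 }
        # Replace the commented or existing ssh entry inside [tunnels].
        in_t && /^#?[ \t]*ssh[ \t]*=/ { if (!done) { print line; done = 1 }; next }
        { print }
        END { if (!seen) print "[tunnels]"; if (!done) print line }
    ' "$config" > "$tmp" && cp "$config" "$config.bak" && mv "$tmp" "$config"
}

# Constructed sample config, shaped like the lines quoted in step 10.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config" <<'EOF'
### Section for configuring tunnel agents (constructed sample).
# [tunnels]
### Configure svn protocol tunnel schemes here.
# ssh = $SVN_SSH ssh
# [miscellany]
EOF
enable_svn_ssh_tunnel "$demo_dir/config" username && cat "$demo_dir/config"
rm -rf "$demo_dir"
```

Point it at the config file named in step 10 and pass the server-side account name as the second argument.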