[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Alternatives for remote access?

From: Robert W Anderson <rwa_at_alumni.princeton.edu>
Date: 2002-08-30 08:38:52 CEST

Justin Erenkrantz wrote:

>Indeed, I'm shocked no one mentioned port forwarding yet. (My brain
>is preoccupied by other issues, so I didn't even remember it.) Note
>CVS just uses a pipe rather than a true port forward, but you could
>use CVS with port forwarding if you wanted to - I have before.
>
>1) Run the http server on an unpriviliged port but blocked via
> firewall. (Configure apache to only allow from 127.0.0.1 if
> you don't trust your firewall.)
>2) Have developers connect via ssh to the server.
>3) Setup a local port forward to the remote machine's http server and
> access the repository locally.
>
>Steps:
>ssh -L 8888:127.0.0.1:8888 authorized-user@ssh-only-server
>svn co http://localhost:8888/
>
>There's no reason that wouldn't work. You just need to log in first
>with the port forwarding options so you can do your online ops.
>(I believe putty on Win32 does port forwarding, but I'm not sure.)
>
Port forwarding may be a practical solution. Let me attempt to
understand the mechanics of this.

svn co http://localhost:8888/ will be sent over the ssh connection to
ssh-only-server, and it will be as if the command:

svn co http:/127.0.0.1:8888 (where 127.0.0.1 is ssh-only-server)

was run on the remote machine, which is running apache and is configured
to listen on port 8888 from the local machine only (if so configured).
 The results of which will come back across the ssh connection. Is that
correct, in effect?

This sounds good. And it should probably be advertised in the next
breath from "subversion requires apache on the server side," since I had
initially written off subversion for the same reasons that the gentleman
from Sandia had expressed.

However, I would suspect that running apache ("a server") at all is a
security violation where I work, since users are not trusted (and
rightly so) to configure it appropriately for secure use. Indeed I find
no trace of it in my originally RedHat distribution.

Bob

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 08:39:14 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.