[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Alternatives for remote access?

From: Justin Erenkrantz <jerenkrantz_at_apache.org>
Date: 2002-08-30 08:57:23 CEST

On Thu, Aug 29, 2002 at 11:38:52PM -0700, Robert W Anderson wrote:
> Port forwarding may be a practical solution. Let me attempt to
> understand the mechanics of this.
> svn co http://localhost:8888/ will be sent over the ssh connection to
> ssh-only-server, and it will be as if the command:
> svn co http:/ (where is ssh-only-server)
> was run on the remote machine, which is running apache and is configured
> to listen on port 8888 from the local machine only (if so configured).
> The results of which will come back across the ssh connection. Is that
> correct, in effect?

I think you have the right idea, but let me rephrase it slightly to
make it clearer:

1) From your local machine, you log in to your ssh-only server.
2) When you login, you create a 'tunnel' that connects your local
   machine's port 8888 to the remote machine's port 8888.
3) From your local machine, you run "svn co http://localhost:8888/"
4) The connection on local port 8888 will really connect to the
   remote machine's port 8888 (which has Apache httpd with a SVN
   install running).

Realize that you could setup the port forward to connect to
any machine/port combination that the machine you are SSHing to
can contact.

Subversion is completely clueless about what is going on. It
just thinks it is talking to a local SVN server via ra_dav, but
it's really connecting to a remote machine.

> This sounds good. And it should probably be advertised in the next
> breath from "subversion requires apache on the server side," since I had
> initially written off subversion for the same reasons that the gentleman
> from Sandia had expressed.

Perhaps worthy of inclusion in the FAQ.

> However, I would suspect that running apache ("a server") at all is a
> security violation where I work, since users are not trusted (and
> rightly so) to configure it appropriately for secure use. Indeed I find
> no trace of it in my originally RedHat distribution.

I've heard rumours that Apache 2.0 will be included in the next
RedHat release. -- justin

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 30 08:57:53 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.