[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Regarding svn+ssh setup, virtual roots and other options

From: Max Bowsher <maxb1_at_ukf.net>
Date: 2006-03-09 01:34:41 CET

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oded Arbel wrote:
> Hi.
>
> I'm trying to use Subversion over ssh. I've installed subversion from
> Mandriva RPMs, which by default have the repositories
> under /var/lib/svn/repositories - which is ok for me, and I got it
> working fine using svnserve under xinetd (svn:// urls)
>
> The problem is that when using svn+ssh:// urls the setup is much more
> complicated. specifically, if I want to use anything other then the
> hardcoded 'svnserve -t', then according to the FAQ I have to setup all
> kind of SSH keys on the client side.
>
> I have some problems with that setup -
> *) having a central configuration location is better then needing to
> configure for each user.
> *) I rather not trust my users not to mess up their configurations (by
> mistake or on purpose).
> *) its a bother to setup for each user.
>
> I was thinking of using the SSH2 subsystem mechanism instead of relying
> on the client to call the command correctly. On the face of it its very
> simple - I've setup a simple bash script to call svnserve with the
> parameters I want to use (tunnel and virtual root for example). Then I
> add a subsystem line to the sshd_config file which calls that script
> for the svnserve subsystem. Then all I have to do is make sure that
> clients use
> ssh -s <user>@<host> svnserve
> instead of
> ssh <user>@<host> 'svnserve -t'
>
> Unfortunately there is no configuration to override the command used
> over the tunnel (unless I go the way of the specially crafted keys -
> which I didn't want to use in the first place), unlike the tunnel setup
> which can be overriden.
>
> So I've setup a patch to libsvn_ra_svn/client.c, to basically remove the
> '-t' parameter, so the command is just 'svnserve' (this is just for
> testing, I'm not suggesting that this is included in the current
> trunk), and then I can checkout using this command:
> SVN_SSH="ssh -s" svn co svn+ssh://user@host/myproject/trunk
> and it gets to use my keys for auth, and I get virtual roots.
>
> its not entirely what I wanted to get as I want 0 effort on the side of
> the client with full flexibility on the server, and currently the
> client is required to define SVN_SSH (and patch the subversion client),
> but I wanted your opinion on that, if you please ?

In an ideal world, yes, subsystems are a good fit for svn+ssh.

In the real world, compatibility concerns pretty much rule them out:

* We don't want to require SSH2

* Even if we did, can we rely on every ssh client implementing the same
command line syntax for them?

As a practical matter, I think what we need to do is to design an
/etc/subversion.conf config file.

Max.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)

iD8DBQFED3ghfFNSmcDyxYARArCTAJ9GoT6y6rtTQ6GYv0yqAmbZPXHe7ACfRpw9
TaPDcVcFuyfTQkkYv8qIBaI=
=87JF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Mar 9 01:35:06 2006

This is an archived mail posted to the Subversion Dev mailing list.