[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion authentication security issue (svnserve, MITM)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sun, 18 Jan 2015 03:43:26 +0000

Stefan Sperling wrote on Fri, Jan 16, 2015 at 11:03:17 +0100:
> On Fri, Jan 16, 2015 at 10:35:46AM +0300, Navrotskiy Artem wrote:
> > Configuration svnserver + ssh even in local network adds more overhead to establish the connection (I have 0.3 seconds per connection). Console svn client reconnects too often (eg, svn status -u A.txt B.txt C.txt produces 6 serial connections).
>
> You can improve performance by making use of SSH connection pooling.
> See the ssh_config(1) man page:
>
> ControlMaster
> Enables the sharing of multiple sessions over a single network
> connection. When set to yes, ssh(1) will listen for
> connections on a control socket specified using the ControlPath
> argument. Additional sessions can connect to this socket using
> the same ControlPath with ControlMaster set to no (the
> default). These sessions will try to reuse the master instance's
> network connection rather than initiating new ones, but will fall
> back to connecting normally if the control socket does not exist,
> or is not listening.
>

Concretely:

1. Set ControlPath in ~/.ssh/config (one time)
2. Run 'ssh -MNf host' to establish the SSH connection (once per boot)
3. Every svn+ssh operation to that host will then reuse the existing SSH connection.
Received on 2015-01-18 04:48:13 CET

This is an archived mail posted to the Subversion Dev mailing list.