[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[TSVN] SVN+SSH+public key authentication on Windows Box as server - How To

From: Thorsten Möller <Thorsten.Moeller_at_umit.at>
Date: 2005-07-29 15:01:35 CEST

THIS IS NOT A QUESTION.
It is a short explanation how to configure SVN+SSH on a Windows box and how
to access it from clients using public key authentication.

Hi all,

I just want to provide my solution to the community since I have found out
that there might be many people struggling with the same issue.

1.) Server: Install Cygwin SSH daemon as described here:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html

2.) Install SVN on the server (as described in Subversion doku)

3.) Server: Create an account (for instance "svnuser") which you will later
use for loggin in. Check that the user rights are sufficient to read, write
your SVN repository directory on the server.

3.a) Server (if not already done): Open Cygwin console and run "mkpasswd -l
> /etc/passwd"

4.) Client: Download PuTTY and
PuTTYgen(http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
and place it in a directory which is part of the PATH, for instance
"C:\Windows"

5.) Client: Create a key pair with PuTTYgen an save the keys.
5.a) Transfer the public key to the server file:
/home/<svnuser>/.ssh/authorized_keys

6.) Create a PuTTY session for loggin in to the server as described here:
http://tortoisesvn.berlios.de/?q=node/5
Do not forget to activate auto login, i.e. set the user name.

7.) Test whether you can log in to the server with the key.
7.a) Server: If that works you might want to disable password authentication
for SSH by editing /etc/sshd_config. Change/edit lines as follows (and
restart SSH service afterwards):

PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no

8.) Server: Modify /home/<svnuser>/.ssh/authorized_keys as follows. Note
that every user which is supposed to use SVN uses the same login but a
different key, thus you have to add one line for every user/key.

command="svnserve -t -r
c:/mySVNroot/ --tunnel-user=<SVNuser>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
ssh-rsa <thePublicKey> <publicKeyComment>

The trick here is to use the slash instead of backslash to specifiy the SVN
repository root ("-r c:/mySVNroot/").
Another important thing is "--tunnel-user=<SVNuser>". Since all users later
will do a SSH login with the same login name (but different keys) you have
to map each key to a SVN user - remember that SVN maintains its own
users/userrights.

9.) Client: Access the repository with a URL like:

svn+ssh://<PuTTYSessionName>/<MyRepository>/trunc

In various documentations and news group postings you will read that the URL
has to contain the real path on the server. But this is not neccessary if
the "-r" parameter was set correctly, see 8. I swear, for me it works fine
:-)

Thorsten

Thorsten

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Jul 29 15:03:01 2005

This is an archived mail posted to the TortoiseSVN Dev mailing list.