
Re: TortoiseSVN+TortoisePlink+SSH.

From: Peter Scmsvn <scmsvn_at_gmail.com>
Date: 2006-05-23 14:43:24 CEST

Hi,

I made a little mistake in the tortoisePlink command used to start the
tunnel; it should be:

tortoiseplink -N -L 3690:localhost:3690 -l USER -i "C:\path\to\privatekey.ppk" SERVER

(forgot SERVER).

Maybe it would be a good idea to add that little tutorial in the
documentation, near the one explaining svn+ssh://,
if you do not plan on "fixing" the one-handshake-per-folder thing.

Thanks,

Have a nice day,

--Peter.

On 5/18/06, Peter Scmsvn <scmsvn@gmail.com> wrote:
>
> Hi,
>
> it seems to work fine, except it would have been nice not to use that sort
> of "hack", but well... It'll do ;)
>
> So as to leave a trace in the userlists, here is the way to do it:
>
> Getting SVN:// protocol tunnelled:
> ========================
>
> First get an ssh client, tortoisePlink will do fine for that, or you can
> use Putty, and save your settings in a session name.
>
> Second, set yourself a private/public keypair as explained in all the
> tutorials about svn+ssh://
>
> Once you have that setup correctly,
> open the ssh tunnel to the same port using the following command:
>
> tortoiseplink -N -L 3690:localhost:3690 -l USER -i "C:\path\to\privatekey.ppk"
> (check the tortoiseplink usage to get info on those options).
> That command will ensure you don't have an annoying hanging window, and can
> help you wrap that command in a clickable script, for instance.
>
> Then you will be able to access your repository using
> svn://localhost/path/to/repos/
> Using a different port would have required you add it to the URL
> (svn://localhost:10000/...)
>
> But, and this is VERY IMPORTANT, allowing the svn:// protocol server-side
> would allow anyone to just type in svn://server/path/to/repos/ and still
> freely access your repository.
>
> If you want to restrict access to only the people that have an account on
> the machine, you will have to modify your iptables to allow only connections
> from the server's localhost on port 3690. So, on the svn server, type:
>
> iptables -A INPUT -p tcp -s 127.0.0.1 --dport 3690 -j ACCEPT
> (to accept all incoming from the localhost)
>
> iptables -A INPUT -p tcp --dport 3690 -j REJECT
> (to disallow all the others)
>
> Then only SSH will be allowed to ask on port 3690; thus, only people with
> an ssh connection on the server will be allowed to use svn://.
>
> With that method, if you have set your svn+ssh:// earlier, you can still
> use it, but svn:// is faster (2-3sec, vs 1s)
>
> The only problem using tortoisePlink as an ssh client, is that if you do
> not kill it, it will run indefinitely,
> you might want to add a connection timeout to sshd on your server.
>
>
> I hope this will help people out.
>
> --Peter.
>
>
> On 5/17/06, Eric Hanchrow <offby1@blarg.net> wrote:
> >
> > I can only vaguely guess what your problem is, but:
> >
> > You can try tunneling the "svn" protocol over ssh. That will get some
> > of the benefits of svn+ssh -- namely, keeping Bad Guys away from your
> > server, and encryption of network traffic.
> > --
> >
> > |\ _,,,---,,_
> > ZZZzz /,`.-'`' -. ;-;;,_
> > |,4- ) )-,_. ,\ ( `'-'
> > '---''(_/--' `-'\_) fL
>
Received on Tue May 23 14:43:34 2006
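
The two iptables rules in the quoted 5/18 message are appended with -A, so they only protect port 3690 if no earlier INPUT rule already accepts that traffic. The following is an added example, not part of the original messages: a hypothetical helper, svn_port_verdict, that reads `iptables -S INPUT` output and reports the first rule outcome for a new TCP connection to 3690 from a non-loopback host (assumption: only the listed match options are interpreted; anything else yields "review").

```shell
#!/bin/sh
# Added example, not from the original post. Reads `iptables -S INPUT` style
# rules on stdin and reports what a NEW TCP connection to the svnserve port
# from a non-loopback host would hit first: exposed, blocked or review.
# Assumption: only -s, -i, -p, -m, --dport, --state/--ctstate, -j and
# --reject-with are understood; a matching rule with anything else => review.
svn_port_verdict() {
  awk -v port="${1:-3690}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      hit = 1; odd = 0; target = ""
      for (i = 3; i <= NF; i++) {
        opt = $i; val = $(i + 1)
        if (opt == "-s") { if (val ~ /^127\./) hit = 0; else if (val != "0.0.0.0/0") odd = 1; i++ }
        else if (opt == "-i") { if (val == "lo") hit = 0; else odd = 1; i++ }
        else if (opt == "-p") { if (val != "tcp" && val != "all") hit = 0; i++ }
        else if (opt == "--dport") {
          n = split(val, r, ":"); lo = r[1] + 0; hi = r[n] + 0
          if (port + 0 < lo || port + 0 > hi) hit = 0; i++
        }
        else if (opt == "--state" || opt == "--ctstate") { if (val !~ /NEW/) hit = 0; i++ }
        else if (opt == "-j") { target = val; i++ }
        else if (opt == "-m" || opt == "--reject-with") i++
        else odd = 1
      }
      if (!hit || target == "LOG") next      # rule cannot match, or is non-terminating
      if (odd) verdict = "review"
      else if (target == "ACCEPT") verdict = "exposed"
      else if (target == "DROP" || target == "REJECT") verdict = "blocked"
      else verdict = "review"
      exit                                    # first matching rule wins
    }
    END {
      if (verdict == "") verdict = (policy == "DROP") ? "blocked" : "exposed"
      print verdict
    }'
}

# Constructed sample: a pre-existing high-port ACCEPT sits above the two
# appended rules from the post, so the REJECT is never reached.
svn_port_verdict <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3690 -j REJECT --reject-with icmp-port-unreachable
EOF
```

iptables covers IPv4 only, so the same check applies to ip6tables if svnserve also listens on IPv6. Starting svnserve with --listen-host 127.0.0.1 removes the dependence on firewall rule order.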

This is an archived mail posted to the TortoiseSVN Users mailing list.
