Re: TortoiseSVN+TortoisePlink+SSH.

From: Peter Scmsvn <scmsvn_at_gmail.com>
Date: 2006-05-31 16:16:45 CEST

Hi,

Regarding that thread, it seems that tunnelling svn:// loses all the author information
(which is logical, since anonymous login has to be allowed).

So I'm still stuck with the problem that using svn+ssh:// does one handshake
for each transaction made, including opening folders, which takes
approximately 2 seconds, that can be a little annoying...

Another solution would be to use apache+ldap, but would it be possible to
cache the connection information and keep alive the ssh session, as long as,
let's say, the repo-browser is opened?

Thanks,

--Peter.

On 5/23/06, Peter Scmsvn <scmsvn@gmail.com> wrote:
>
> Hi,
>
> I made a little mistake in the tortoisePlink command to call to start the
> tunnel, it should be :
>
> tortoiseplink -N -L 3690:localhost:3690 -l USER -i "C:\path\to\privatekey.ppk" SERVER
>
> (forgot SERVER).
>
>
> Maybe it would be a good idea to add that little tutorial in the
> documentation, near the one explaining svn+ssh://,
> if you do not plan on "fixing" the one-handshake-per-folder thing.
>
> Thanks,
>
> Have a nice day,
>
> --Peter.
>
>
> On 5/18/06, Peter Scmsvn <scmsvn@gmail.com> wrote:
> >
> > Hi,
> >
> > it seems to work fine, except it would have been nice not to use that
> > sort of "hack", but well... It'll do ;)
> >
> > So as to leave a trace in the userlists, here is the way to do it:
> >
> > Getting SVN:// protocol tunnelled:
> > ========================
> >
> > First get an ssh client, tortoisePlink will do fine for that, or you can
> > use Putty, and save your settings in a session name.
> >
> > Second, set yourself a private/public keypair as explained in all the
> > tutorials about svn+ssh://
> >
> > Once you have that setup correctly,
> > open the ssh tunnel to the same port using the following command:
> >
> > tortoiseplink -N -L 3690:localhost:3690 -l USER -i "C:\path\to\privatekey.ppk"
> > (check the tortoiseplink usage to get info on those options).
> > That command will ensure you don't have a hanging annoying window, and
> > can help you wrap that command on a clickable script for instance.
> >
> > Then you will be able to access your repository using
> > svn://localhost/path/to/repos/
> > Using a different port would have required you add it to the URL
> > (svn://localhost:10000/...)
> >
> > But, and this is VERY IMPORTANT, allowing the svn:// protocol
> > server-side would allow anyone to just type in
> > svn://server/path/to/repos/ and still freely access your repository.
> >
> > If you want to block the access to only the people that have an account
> > on the machine, you will have to modify your iptables, to allow only
> > connections from the server's localhost on the port 3690, so, on the
> > svn server, type:
> >
> > iptables -A INPUT -p tcp -s 127.0.0.1 --dport 3690 -j ACCEPT
> > (to accept all incoming from the localhost)
> >
> > iptables -A INPUT -p tcp --dport 3690 -j REJECT
> > (to disallow all the others)
> >
> > then, only SSH will be allowed to ask on port 3690, thus, only people
> > with ssh connection on the server will be allowed to use svn://.
> >
> > With that method, if you have set your svn+ssh:// earlier, you can still
> > use it, but svn:// is faster (2-3sec, vs 1s)
> >
> > The only problem using tortoisePlink as an ssh client, is that if you do
> > not kill it, it will run indefinitely, you might want to add a
> > connection timeout to sshd on your server.
> >
> >
> > I hope this will help people out.
> >
> > --Peter.
> >
> >
> > On 5/17/06, Eric Hanchrow <offby1@blarg.net> wrote:
> > >
> > > I can only vaguely guess what your problem is, but:
> > >
> > > You can try tunneling the "svn" protocol over ssh. That will get some
> > > of the benefits of svn+ssh -- namely, keeping Bad Guys away from your
> > > server, and encryption of network traffic.
> > > --
> > >
> > > |\ _,,,---,,_
> > > ZZZzz /,`.-'`' -. ;-;;,_
> > > |,4- ) )-,_. ,\ ( `'-'
> > > '---''(_/--' `-'\_) fL
> > >
> > >
> > >
> > >
> >
>
Received on Wed May 31 16:18:07 2006
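
Added example (not part of the original thread): a check, run on the svn server, that the INPUT rules from the 5/18 message really keep remote clients off port 3690. Because `iptables -A` appends, a broad ACCEPT rule already in the chain still wins; the function name, the constructed sample rulesets and the simplified matching (no negation, port ranges or user-defined chains) are assumptions of this example.

```shell
#!/bin/sh
# Reads `iptables -S INPUT` output on stdin and decides whether a NEW tcp
# connection to port 3690 from a non-loopback source would be let in.
# Prints "restricted" or "exposed"; exit status is 0 only when restricted.
# Assumption: negated matches, port ranges and user-defined chains are ignored.
svn_port_verdict() {
    awk -v port=3690 '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; iface = ""; proto = ""; dport = ""; state = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Rules limited to loopback never match a remote client.
        if (iface == "lo" || src ~ /^127\./) next
        # Rules for another protocol, port or connection state do not match.
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (state != "" && state !~ /NEW/) next
        # The first terminating rule that can match a remote packet decides.
        if (target == "ACCEPT") { verdict = "exposed"; exit }
        if (target == "REJECT" || target == "DROP") { verdict = "restricted"; exit }
    }
    END {
        # No rule decided: the chain policy applies.
        if (verdict == "") verdict = (policy == "DROP") ? "restricted" : "exposed"
        print verdict
        exit ((verdict == "restricted") ? 0 : 1)
    }'
}

# Constructed sample: the two rules from the post appended to an empty chain.
SAMPLE_OK='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3690 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: the same rules appended after a pre-existing broad ACCEPT.
SAMPLE_SHADOWED='-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3690 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3690 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$SAMPLE_OK" | svn_port_verdict
printf '%s\n' "$SAMPLE_SHADOWED" | svn_port_verdict || true
```

On a live server the input would be `iptables -S INPUT | svn_port_verdict`. Starting svnserve with `--listen-host 127.0.0.1` gives the same restriction without depending on rule order.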

This is an archived mail posted to the TortoiseSVN Users mailing list.