[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: need help setting up svn+ssh://

From: Michael Wood <mwood_at_its.uct.ac.za>
Date: 2003-08-20 18:23:15 CEST

On Wed, Aug 20, 2003 at 08:18:01AM -0500, Ben Collins-Sussman wrote:
> Guido van Rossum <guido@python.org> writes:
>
[snip]
> There are two non-mutually-exclusive (but independent ways) to run
> svnserve:
>
> 1. have a daemon listening on port 3690, clients connected
> unauthenticated.

Or have (x)inetd start it as Guido has done, of course, which is
equivalent.

> 2. have clients use their own ssh binaries to spawn "private"
> svnserve processes on the server. They authenticate via ssh,
> and the svnserve process runs as their own UID.
>
> So it sounds like you want case #2, in which case, there was no need
> to set up case #1, unless you want to provide anonymous read-access to
> people someday.
>
> > But no matter what I try, I get the following error messages:
> >
> > svn: Couldn't find a repository
> > svn: No repository found in 'svn+ssh://<host>/home/subversion/<repos>'
>
> svn+ssh:// requires that you use an *absolute* path after the
> hostname. Is that what you're doing?

To get around this, you can use the "-r" switch to svnserve. Just bare
in mind that in "tunnel" mode (i.e. when using the svnserve protocol
over SSH etc.) svnserve must be run with the -t switch. Otherwise
everything will still be anonymous. You can do this by using SSH keys
and then putting something like this in the authorized_keys file:

command="svnserve -t -r /home/svn" ssh-dss AAAAB3...

(see the ssh docs for more details.)

This is not necessary if you do not want to use the "-r" switch.

> (Also, a future warning: because a bunch of users will be
> reading/writing the berkeley-db repository files, be careful about
> permissions and umasks. Many people make the 'svnserve' process on
> the server into a wrapper-script which 1) sets a sane umask, 2) runs
> the real svnserve.)
[snip]

Yes. To be slightly more explicit about this, all users need *write*
access to the Berkeley DB files even for apparently readonly operations.
If one user runs some svn command with the wrong umask, it will cause
problems for other people.

Your wrapper could be:
#!/bin/sh
umask 0007
exec /path/to/real/svnserve "$@"

As long as everyone is in the same group.

By the way, svn+ssh://blah works fine on Windows too. At least I've
tried it out with a Windows client connecting to a Linux server. I
think other people on the dev@subversion.tigris.org list have it working
with a Windows SSH server too, but I could be wrong.

You can use plink.exe as the ssh client. Get it from the Putty download
page.

One funny thing when setting this up under Windows is that you seem to
have to use double backslashes or single forward slashes in the config
file to specify the path to the SSH executable if it's not in your PATH.

e.g.:
[tunnels]
ssh = C:/blah/plink.exe
# or ssh = C:\\blah\\plink.exe

-- 
Michael Wood <mwood@its.uct.ac.za>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Aug 20 18:24:18 2003

This is an archived mail posted to the Subversion Users mailing list.