I finally got around to trying this and it works perfectly! Thank you
Faried!
Why isn't this approach documented in the book? This is a viable
alternative to HTTPS for those of us that don't want to give system
accounts to folks accessing the repository but, at the same time, want
encrypted authentication as well as encrypted repository data
transfers. In fact, this method is much easier to implement than HTTPS
if you are not that familiar with apache (like myself). If you use
TortoiseSVN, however, it takes a little more work on the client side and
requires downloading 'puttygen'. But it is possible and it works.
Also, HTTPS obviously has problems for some of us with large
repositories and/or large files (remember the illegal padding issue that
started this thread?). This SSH approach does not suffer from that
issue. So, in other words, not only is this an elegant solution for my
situation -- it is the only solution for my situation.
Thanks again Faried. And SVN folks -- please consider documenting this
approach in the book.
Andy
Faried Nawaz wrote:
>On Thu, 29 Jul 2004 19:21:19 -0500, Andy Helten
><andy.helten@dot21rts.com> wrote:
>
>
>
>>Thanks! I will give this a try. The only step I may have a problem
>>with is locking down a user account so that it can only access ssh. Is
>>this documented somewhere for Linux?
>>
>>
>
>To restrict the commands remote users can run,
>
>- have every user generate keys using ssh-keygen
>- put their pubkeys in the svn repo account's ~/.ssh/authorized_keys2
>- place 'command="/path/to/svnserve any-args"' on each line before the key data
>
>This is described in sshd's man page.
>
>
>Faried.
>
>
>
Received on Mon Aug 9 22:19:23 2004