[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: help: can't use ssh-agent with svnX

From: Bill Bug <bbug_at_speakeasy.org>
Date: 2004-08-22 15:33:03 CEST

Hi Michael,

Sorry - I've not gotten any takers on my post, yet. It's a bit long
which is bad list post etiquette, so that's probably discouraging folks
from reading it. :-(

I thought the details were required to really understand the nature of
this rather complex problem.

Here's my $0.02 (Canadian) on a few of your questions:

        1) My understanding is the 'svn+ssh' protocol is a rather funky beast.
  As opposed to connecting directly to TCP port 3690 on the remote SVN
server as the 'svn' protocol does, 'svn+ssh' first opens a connection
to the remote machine via SSH on standard port 22, then uses this SSH
tunnel to run 'svnserve -t' as a local process. I believe this means
it should not be able to use the tunnels we create in SSHKeychain, as
they re-direct the transaction to port 3690 on the remote machine. I
wouldn't expect this to work. However, I've found when I use 'svn+ssh'
on the command-line, I get a prompt from SSHKeychain indicating
'svn+ssh' is trying to communicate over the existing SSHKeychain
tunnel: "A process is trying to access the SSH Agent". This happens
whether I have the tunnel open or not, as long as SSHKeychain is
running. If I shut down SSHKeychain, 'svn+ssh' opens it's own tunnel.
I suppose this is because the two sections of the SSHKeychain tunnel
configuration can run independently - the SSH section may run whether
or not a local process tries to attach to the "Tunnel"s local listener
port. I can't think of how 'svn+ssh' would otherwise get to the local
listener port, as I am definitely not including that in the repository
URL:
        svn list svn+ssh://my.remote.server/path/to/repository

        2) SVNSERVER - I'd not thought of this before, but there might be a
way to adjust the svnserver default parameters, so how to make this
work correctly. I'm gonna try give that a try later today.

I let you know if I have any luck.

Cheers,
Bill

On Aug 21, 2004, at 5:01 AM, Michael Hanna wrote:

> hi, did you manage to figure out your problem? I'm doing the same
> thing with svnX and when I use:
>
> svn+ssh://localhost:9999
>
>
> I get host verification failed
>
> if I try:
>
> svn+ssh://myremotehost.ca:9999
>
> it asked for my remote password once then...
>
> Permission Denied, please try again
> Permission Denied, please try again
> Permission Denied, please try again
>
> which I suppose is correct
>
>
> also if I try from a command-prompt:
>
> svn list svn+ssh://myremotehost.ca:9999
> tao@ myremotehost.ca's password:
> svn: No repository found in 'svn+ssh://myremotehost.ca:9999'
>
> which is really odd because I got this feedback message when I started
> svnserve:
>
> [lao:/Library/svn/conf] tao% svnserve -d -t -r /Library/svn
> ( success ( 1 2 ( ANONYMOUS EXTERNAL ) ( edit-pipeline ) ) )
>
>
> svnserve settings
> -----------------------
>
> svnserve -d -t -r /Library/svn
>
>
> SSHKeychain Settings:
> -------------------------------
> Tunnel Name: My SVN Tunnel
> Local Port: 9999
> Remote Hostname: myhostname.ca
> Remote Port: 3690
>
> SSH Hostname myhostname.ca(same as Remote Hostname)
> SSH Port 22
> SSH Username username
>
>
> thanks for any help on this.
> Michael
>
>
> On 20-Aug-04, at 6:39 AM, Bill Bug wrote:
>
>> Hi All,
>>
>> NB: Sorry for the duplicate post. The first was sent with the wrong
>> reply email address, so I'd not likely pick up on any responses set
>> directly to that address. List-admin - please post this one rather
>> than the first. Thanks.
>>
>> Many thanks for all the valuable info folks have contributed to this
>> list - and thanks especially to the developers of Subversion. It's
>> superb!
>>
>> Sorry to be posting an ssh question again. I've seen many such posts
>> here, but unfortunately not one that's solves my problem.
>>
>> I'm trying to use ssh-agent in the hope I'll be able to access my
>> subversion repository with svnX - the very nice new GUI SVN client
>> written for Mac OS X
>> (http://www.lachoseinteractive.net/en/community/subversion/svnx/
>> features/).
>>
>> There's also a ssh-agent Mac OS X GUI application, too, called
>> SSH-Keychain (http://www.sshkeychain.org/) which helps to simplify
>> use of ssh-agent. Basically, you define ssh "tunnel"s in the
>> SSHKeychain preferences, and these can automatically cache your
>> passphrase and keep an open ssh tunnel set up for you. Each tunnel
>> is configured with the following info:
>> Tunnel-
>> human-readable name
>> local port
>> remote host
>> remote port
>> SSH-
>> ssh host
>> ssh port
>> ssh username
>>
>> The SSH section is automatically set to the default SSH port 22. You
>> just specify the host & username, and you're prompted for a password
>> when you try to open this tunnel.
>>
>> The Tunnel section is where you set up access to your remote
>> application. So, for instance, to connect to a PostgreSQL database
>> server via JDBC on our remote host, I configure a tunnel as follows:
>> name: "My PostgreSQL tunnel"
>> local port: 9999
>> remote host: our.remote.host
>> remote port: 5432
>>
>> Now, I define a JDBC URL to connect to the local port which looks
>> like this - jdbc:postgresql://localhost:9999/my-database. This is
>> opposed to connecting directly to the same database via the standard
>> PostgreSQL port 5432 on the remote machine with URL that looks like
>> this - jdbc:postgresql://our.remote.host:5432/my-database
>>
>> This all works fine with SSHKeychain. I define the PostgreSQL
>> tunnel, open it and login to the database using the URL
>> jdbc:postgresql://localhost:9999/my-database. I'm simply forwarding
>> the traffic being directed to my local port 9999 to port 5432 on my
>> remote machine all within the encrypted SSH connection.
>>
>> I tried using the same process for SVN, applying an analogous
>> approach.
>>
>> I defined the following SSHKeychain tunnel:
>> name: "My SVN tunnel"
>> local port: 9998
>> remote host: our.remote.host
>> remote port: 3690
>>
>> Then, running svn on the command line, I issued the following command:
>>
>> svn list svn://localhost:9998/path/to/svn/repository
>>
>> I can tell by watching IP packets (via tcpdump or Ethereal) I am
>> getting data into the tunnel over to the remote machine. One
>> encrypted packet gets over to the remote machine, one is immediately
>> sent back, followed by a TCP ACK packet. That's it - end of
>> conversation. On the command line, I get back the error "svn:
>> Connection closed unexpectedly"
>>
>> If, on the other hand, I issue the 'svn list' to a URL going directly
>> to the remote machine via the 'svn+ssh' protocol such as:
>>
>> svn list svn+ssh://our.remote.host/path/to/svn/repository
>>
>> I'm prompted for my password. Once entered, I get the repository
>> list back the way I should.
>>
>> Does anyone have any thoughts on why this might be happening?
>>
>> I'm hoping if I get this running, I'll also be able to use not only
>> the wonderful svnX GUI client, but also the svn plug-ins both for
>> NetBeans v3.4.x & for Apple's IDE XCode v1.5. All three of these SVN
>> client wrapper applications fail on me, when I try to log into the
>> repository via the 'svn+ssh' protocol. I'm pretty certain this has
>> to do with authentication based on the testing I've done which should
>> be remedied if I can use my SSHKeychain tunnel the way I've been able
>> to do successfully with PostgreSQL.
>>
>> Many thanks ahead of time for any help you can offer.
>>
>> Cheers,
>> Bill Bug
>>
>> Bill Bug
>> Senior Analyst/Ontological Engineer
>>
>> Laboratory for Bioimaging & Anatomical Informatics
>> Department of Neurobiology & Anatomy
>> Drexel University College of Medicine
>> 2900 Queen Lane
>> Philadelphia, PA 19129
>> 215 991 8430 (ph)
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Bill Bug
Senior Analyst/Ontological Engineer

Laboratory for Bioimaging & Anatomical Informatics
Department of Neurobiology & Anatomy
Drexel University College of Medicine
2900 Queen Lane
Philadelphia, PA 19129
215 991 8430 (ph)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Aug 22 15:33:54 2004

This is an archived mail posted to the Subversion Users mailing list.