On Dec 5, 2004, at 10:09 AM, Gili wrote:
>
> Well, the only reason I am even running Subversion this way is
> because there doesn't seem to be a better way to run it through a SSH
> tunnel. Ideally I want a single Subversion server running in daemon
> mode and authenticating all operations like you mentioned and have the
> SSH client connect to the Subversion server using normal client
> operations. Right now we are having the SSH client spawn a Subversion
> server per connection which is far from ideal (for performance and
> security reasons).
>
> Isn't there a way for us to do this?
>
> 1) SSH server and Subversion server running in deamon mode
> 2) User connects to the server using SSH client
> 3) User invokes svn client operations on the remote connection
>
>
Sure there is. Start 'svnserve -d' on a server behind some firewall,
then have all your users set up ssh-encrypted 'tunnels' through the
firewall, to port 3690 on your server. This ssh tunnelling technique
works for essentially every server-process in the universe; it's not
an svn-specific solution at all. It's described in this FAQ:
http://subversion.tigris.org/project_faq.html#paranoid
of course, the annoyance with this is (1) teaching your users to set up
tunnels with 'ssh -L', (2) being prompted for BOTH ssh and svnserve
authentication.
I have to ask: is it critical that all data passing over the link be
encrypted? If not, your life would be a heck of a lot simpler just
using 'svnserve -d' and the built-in authentication it supports. Leave
ssh out completely.
Or, if it's critical that the link be encrypted, use apache/SSL as your
server.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 5 17:29:41 2004