[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Wrong username for commits

From: Monks, Peter <peter.monks_at_vignette.com>
Date: 2004-12-05 21:50:30 CET

G'day Gili,
> 1) How do I pick a random local open port to pass into -L? I don't
> want to keep the port-forwarding beyond the scope of a single
> transaction.
Why not just use 3690 (the svnserve default)? Or do you have some
other software running on all of your developer machines that is
already listening on that port?

> 2) How does one "disconnect" a specific port-forward?

Issue a disconnect command in your SSH client (obviously the details
vary based on the SSH client you're using).

Peter Monks http://www.sydneyclimbing.com/
pmonks_at_sydneyclimbing.com http://www.geocities.com/yosemite/4455/


        From: Gili [mailto:junk@bbs.darktech.org]
        Sent: Sunday, December 05, 2004 10:06am
        To: Ben Collins-Sussman
        Cc: users@subversion.tigris.org
        Subject: Re: Wrong username for commits
        On Sun, 5 Dec 2004 10:26:36 -0600, Ben Collins-Sussman wrote:
>On Dec 5, 2004, at 10:09 AM, Gili wrote:
>> Well, the only reason I am even running Subversion this way
>> because there doesn't seem to be a better way to run it
through a SSH
>> tunnel. Ideally I want a single Subversion server running in
>> mode and authenticating all operations like you mentioned and
have the
>> SSH client connect to the Subversion server using normal
>> operations. Right now we are having the SSH client spawn a
>> server per connection which is far from ideal (for
performance and
>> security reasons).
>> Isn't there a way for us to do this?
>> 1) SSH server and Subversion server running in deamon mode
>> 2) User connects to the server using SSH client
>> 3) User invokes svn client operations on the remote
>Sure there is. Start 'svnserve -d' on a server behind some
>then have all your users set up ssh-encrypted 'tunnels' through
>firewall, to port 3690 on your server. This ssh tunnelling
>works for essentially every server-process in the universe;
it's not
>an svn-specific solution at all. It's described in this FAQ:
> http://subversion.tigris.org/project_faq.html#paranoid
>of course, the annoyance with this is (1) teaching your users
to set up
>tunnels with 'ssh -L', (2) being prompted for BOTH ssh and
>I have to ask: is it critical that all data passing over the
link be
>encrypted? If not, your life would be a heck of a lot simpler
>using 'svnserve -d' and the built-in authentication it
supports. Leave
>ssh out completely.
>Or, if it's critical that the link be encrypted, use apache/SSL
as your
        So ideally I'd want to stick the following in a script:
        ssh -L <blah>
        svn <command>
        ssh <disconnect>
        So it would enable port-forwarding, run a command, disconnect
all automatically for me. Two questions:
        1) How do I pick a random local open port to pass into -L? I
don't want to keep the port-forwarding beyond the scope of a single
        2) How does one "disconnect" a specific port-forward?

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 5 21:52:39 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.