G'day Gili,
> 1) How do I pick a random local open port to pass into -L? I don't
> want to keep the port-forwarding beyond the scope of a single
> transaction.
Why not just use 3690 (the svnserve default)? Or do you have some
other software running on all of your developer machines that is
already listening on that port?
> 2) How does one "disconnect" a specific port-forward?
Issue a disconnect command in your SSH client (obviously the details
vary based on the SSH client you're using).
Cheers,
Peter
----------------------------------------------------------------------
Peter Monks http://www.sydneyclimbing.com/
pmonks_at_sydneyclimbing.com http://www.geocities.com/yosemite/4455/
----------------------------------------------------------------------
________________________________
From: Gili [mailto:junk@bbs.darktech.org]
Sent: Sunday, December 05, 2004 10:06am
To: Ben Collins-Sussman
Cc: users@subversion.tigris.org
Subject: Re: Wrong username for commits
On Sun, 5 Dec 2004 10:26:36 -0600, Ben Collins-Sussman wrote:
>
>On Dec 5, 2004, at 10:09 AM, Gili wrote:
>
>>
>> Well, the only reason I am even running Subversion this way
is
>> because there doesn't seem to be a better way to run it
through a SSH
>> tunnel. Ideally I want a single Subversion server running in
daemon
>> mode and authenticating all operations like you mentioned and
have the
>> SSH client connect to the Subversion server using normal
client
>> operations. Right now we are having the SSH client spawn a
Subversion
>> server per connection which is far from ideal (for
performance and
>> security reasons).
>>
>> Isn't there a way for us to do this?
>>
>> 1) SSH server and Subversion server running in deamon mode
>> 2) User connects to the server using SSH client
>> 3) User invokes svn client operations on the remote
connection
>>
>>
>
>Sure there is. Start 'svnserve -d' on a server behind some
firewall,
>then have all your users set up ssh-encrypted 'tunnels' through
the
>firewall, to port 3690 on your server. This ssh tunnelling
technique
>works for essentially every server-process in the universe;
it's not
>an svn-specific solution at all. It's described in this FAQ:
>
> http://subversion.tigris.org/project_faq.html#paranoid
>
>of course, the annoyance with this is (1) teaching your users
to set up
>tunnels with 'ssh -L', (2) being prompted for BOTH ssh and
svnserve
>authentication.
>
>I have to ask: is it critical that all data passing over the
link be
>encrypted? If not, your life would be a heck of a lot simpler
just
>using 'svnserve -d' and the built-in authentication it
supports. Leave
>ssh out completely.
>
>Or, if it's critical that the link be encrypted, use apache/SSL
as your
>server.
So ideally I'd want to stick the following in a script:
ssh -L <blah>
svn <command>
ssh <disconnect>
So it would enable port-forwarding, run a command, disconnect
all automatically for me. Two questions:
1) How do I pick a random local open port to pass into -L? I
don't want to keep the port-forwarding beyond the scope of a single
transaction.
2) How does one "disconnect" a specific port-forward?
Thanks,
Gili
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 5 21:52:39 2004