[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

WG: Question about SSH

From: Andreas Schoe <andi_at_gfz-potsdam.de>
Date: 2005-03-30 16:28:12 CEST

-----Ursprüngliche Nachricht-----
Von: Andreas Schoe [mailto:andi@gfz-potsdam.de]
Gesendet: Mittwoch, 30. März 2005 10:14
An: 'Ben Collins-Sussman'
Betreff: AW: Question about SSH

I think so, that the passwords are passed in plaintext over the network with
the svn protocol but not with ssh.
I can use a request with svn like that: svn://
and I can use a request with svn+ssh like that svn+ssh://

When I uses the second way the password can be in plaintext. But I also have
the chance to get access with the first way.
I think the first way hasn´t any kind of secure because the network isn´t
secured and the password is written in plaintext.

I understand that this is an open source project and nobody wants to damage
something. But what is with confidential information?
In my opinion ssh is a more easier way to secure data because the SSL option
on Apache must have signed certifications.

Is there a chance to run only svn+ssh:// for example?

-----Ursprüngliche Nachricht-----
Von: Ben Collins-Sussman [mailto:sussman@collab.net]
Gesendet: Mittwoch, 30. März 2005 06:05
An: Andreas Schoe
Cc: users@subversion.tigris.org
Betreff: Re: Question about SSH

On Mar 29, 2005, at 8:53 AM, Andreas Schoe wrote:

> I use Subversion for a few days.
>
> Why does the svnserve use the passwd file with passwords written in
> plaintext?

Because otherwise, the password would have to be sent over the network
in plaintext.

>
> Is there any kind of Version that I can use the passwd with MD5
> algorithm like the Apache Server?
>

No.... not unless you use apache as your svn server.

You understand that apache's md5 passwords *are* passed essentially
plaintext over the network, right?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Mar 30 16:30:00 2005

This is an archived mail posted to the Subversion Users mailing list.