[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

SSH configuration question

From: <mansenca_at_labri.fr>
Date: 2005-09-08 23:08:29 CEST

Hi,

I have read the documentation, the faq and searched the archive, but there are
ssh things that I don't totally understand.

I am particulary interested in the "SSH configuration tricks" paragraph
(here:
http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks
 )
to have multiple users share a single system account (with svnserve, on linux).

"To begin, locate the home directory of the account you'll be using to launch
svnserve."

suppose this account is "svn", and its home directory is /home/svn

"It's also possible to have multiple users share a single account. Instead of
creating a separate system account for each user, generate a public/private
keypair for each person. Then place each public key into the authorized_users
file, one per line, and use the --tunnel-user option:

  command="svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry@example.com
  command="svnserve -t --tunnel-user=sally" TYPE2 KEY2 sally@example.com

This example allows both Harry and Sally to connect to the same account via
public-key authentication. Each of them has a custom command that will be
executed; the --tunnel-user option tells svnserve -t to assume that the named
argument is the authenticated user. Without --tunnel-user, it would appear as
though all commits were coming from the one shared system account."

So each user execute ssh-keygen to generate a pair of keys and I copy each
public key in /home/svn/.ssh/authorized_keys, right ?

What I do not understand is how ssh know that it must refer to the "svn" account
? (read ~svn/.ssh/authorized_keys and not ~anyUser/.ssh/authorized_keys ?)

Thanks,

Boris.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Sep 8 23:10:31 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.