On Wed, Mar 19, 2008 at 11:59 AM, Greg Willits <lists_at_gregwillits.ws> wrote:
> OS X 10.5.2, svn 1.4.4, OpenSSH_4.5p1, OpenSSL 0.9.7l
>
> It's either trouble with my ssh setup or my understanding of how it should
> work...
>
> After reading oodles and oodles of blogs and articles (mostly about Linux
> of course), I get the impression, that I should be able to use ssh-keygen
> and authorized_keys to create a collection of "users" that are not "real" OS
> users which should still be able to log into the system.
>
> Symptom:
>
> when I attempt to use ssh via keys, I still get prompted to enter a
> password (which doesn't exist). From everything I read, I am expecting this
> to not happen.
>
> Here's what I have done:
>
> -- used ssh-keygen to create svnkey and svnkey.pub files. (For now, no
> passphrases.)
>
> -- placed the svnkey file in the client computer's user home /.ssh folder
> (/Users/DUDE/.ssh/svnkey)
>
> -- made sure owner = the user, and perms is rw for the owner only
>
> -- on the server, there's a user named "svn" with a home folder (where all
> the repos go) in which I created the .ssh/authorized_keys file. I used cat
> to append the svnkey.pub and then modify that entry with a command=""
> component according to all the svn docs.
>
> -- again, perms are set so the file is owned by the svn user, and rw for
> that owner only.
>
> Now, what I believe everything I have read tells me is that I should be
> able to use the svn commands like this:
>
> svn list svn+ssh://{server.domain}/path/to/repo
>
> and I should not be prompted for a password because the SSH keys will be
> used.
>
> However, I always get prompted for a password. So either I'm
> misunderstanding, missing some steps, or still have some perms wrong
> somewhere.
>
> Any suggestions?
>
I have not set up a repository using the tunnel tricks. So these suggestions
are only my guesses.
First, I suggest that you make sure you can ssh into the server machine
without password. Then try to bring svn into the picture. It will be easier
to debug that way.
Secondly, I am not sure whether you are using svn_at_server in the URL.
Basically you are setting it up in such a way that 'greg_at_client-machine' is
connecting to 'svn_at_server-machine'. Greg's public key is
server-machine:/home/svn/.ssh/authorized_keys and his private key is in
client-machine:/greghome/.ssh/. When Greg connects to the server machine, he
should always use svn@ in the URL.
To come back to my first suggestion, remove the command="" (temporarily) in
the authorized keys and try to ssh using "ssh svn_at_server-name" and see if
you can do password-less access. If not, then there is a problem with the
ssh setup and that needs to be fixed first.
Third, IIRC, I believe the .ssh directory itself needs to be "rwx" (not just
"r-x") or the user.
Please let us know if this works.
Thanks,
-Hari
Received on 2008-03-19 20:28:59 CET