[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

ssh authentication

From: Eric Abrahamsen <girzel_at_gmail.com>
Date: Sat, 26 Jul 2008 20:00:17 +0800

I recently upgraded to 1.5, and compiled a new instance of Apache on
my server, and in the process broke my ssh authentication. I had kept
the authorization file that the AuthUserFile directive pointed to
within the old Apache installation, rather stupidly, and when I over-
wrote that installation I lost the file.

I've still got all the pieces except for that file, but can't for the
life of me get this working again. Here are the other pieces:

client-side .bash-profile:
export SVN_SSH="ssh -i /Users/client-user/.ssh/svnkey"

server-side http.conf:
<Location "/">
Dav svn
SVNParentPath /home/server-user/webapps/svn
AuthType Basic
AuthName "repository"
AuthUserFile /home/server-user/lib/svn-auth-file
Require valid-user
Order deny,allow
Allow from valid-user
Options -Indexes

In the original setup, I had no .ssh/authorized_keys file in my server
home. Whatever was doing the authentication was inside svn-auth-file,
or it was pointed to by something in that file. My svnkey.pub public
key must have been on the server, but I can't for the life of me
remember where, or how it was linked in. When I run svn info on one of
my client-side working copies it lists the URL and Repository Root as
plain old http:// URLs, not svn+ssh://, is that to be expected?

Trying to access the repository from my client machine using http://
results in "Authentication Realm <URL> repository" and a request for
my password. When I try via svn+ssh://, it just asks for a password.
I've now copied my public key into .ssh/authorized_keys on my server,
and tried access as both client-username and server-username, and
nothing makes the keys kick in. I've also put command="svnserve -t --
tunnel-user=client-user" at the head of the public key in my
authorized_keys file...

Can someone point out what I'm getting wrong here?

Thanks in advance,

To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-26 14:00:50 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.