RE: access svn securely from the internet via sasl or ssh

From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Fri, 19 Dec 2008 11:57:34 -0500

Svn protocol isn't really secure. It is meant for intranets. SSH tunnel makes it secure but you said you don't want to give you users rw accsess to the repository. So, I think that only leaves moving to https via Apache.

BOb

> -----Original Message-----
> From: bobdole1_at_web.de [mailto:bobdole1_at_web.de]
> Sent: Friday, December 19, 2008 10:07 AM
> To: users_at_subversion.tigris.org
> Subject: access svn securely from the internet via sasl or ssh
>
> Hi!
>
> I have a Ubuntu server with an svn repository (only svnserve -d, no
> WebDAV). What would be the simplest way to make it securely available to
> the internet? I think svn+ssh is rather insecure because you give each
> user a right to write directly (low-level) into the svn-repository.
> For, SASL, how much do I need to configure? Is it sufficient to add the
> following to the svn svnserve.conf:
> [sasl]
> use-sasl = true
> min-encryption = 128
> max-encryption = 256
>
> Or do I really need all this extra configuration with sasl configuration:
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> sasldb_path: /etc/my_sasldb
> mech_list: DIGEST-MD5
> ...
> (as described in http://svnbook.red-
> bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnser
> ve.sasl ; section: Authentication with SASL)
>
> I just need a connection to be as secure as regular ssh. :-) Thanks in
> advance!
>
> Best, Philip
> ____________________________________________________________________
> Psssst! Schon vom neuen WEB.DE MultiMessenger gehört?
> Der kann`s mit allen: http://www.produkte.web.de/messenger/?did=3123
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=
> 987502
>
> To unsubscribe from this discussion, e-mail: [users-
> unsubscribe_at_subversion.tigris.org].

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=987611

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2008-12-19 17:58:36 CET

This message: [ Message body ]
Next message: Bob Archer: "RE: Metadata centralized vs distributed"
Previous message: John Doe: "Re: Subversion on Linux ES"
In reply to: bobdole1_at_web.de: "access svn securely from the internet via sasl or ssh"
Next in thread: Paul Koning: "RE: access svn securely from the internet via sasl or ssh"
Reply: Paul Koning: "RE: access svn securely from the internet via sasl or ssh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]