[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: howto gain full access to terminal via ssh and by pass "( success ( 1 2 ( ANONYMOUS EXTERNAL ...."

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 13 Jan 2009 18:28:38 +0000

On Tue, Jan 13, 2009 at 09:53:53AM -0800, S. Aguinaga wrote:
> I see how silly I sounded :)


> So, if I want to setup things right .... I should have and svnuser
> account, which I use when
> ever I want to access my subversion repos, and then use my standard
> user account to connect
> via "ssh user_at_server" and be able to move around in my account space?

You can use your normal account to create and commit to the
repository without any special setup. svn+ssh:// is implemented
so that it magically invokes svnserve for you through an
ssh connection. No tweaks to your existing ssh setup are required.

You can also add a separate user account for committing,
but that is optional.

Note that if multiple users are using svn+ssh:// to access
a shared repository, the umask the svnserve process runs with
needs to be set to 002 to make sure the repository stays writable
by all committers (which should all be in a common group, for example,
'svn' or 'svncommitters' or something like that).
See http://svnbook.red-bean.com/en/1.5/svn.serverconfig.multimethod.html

> & in the "authorized_keys" file (for the svnuser account) I should
> have the command calling svnserve, the root of repos, and
> --tunnel-user, plus all the other no Xforwarding, etc. does that
> sound?

You only need to put the svnserve command into the authorized_keys
file if you want to restrict the key to be used _only_ for svnserve and
nothing else. This is useful to give commit access to people via
svn+ssh:// without also giving them ssh shell access on the server.

Otherwise, just don't add any special options in authorized_keys.
It should just work.

Received on 2009-01-13 19:29:48 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.