>>> Each ssh connection between server and workstations is made with the
>>> same ssh user while each access to the repository must be made with
>>> different svn users.
>>
>> If every user has an SSH key, you can add their keys to the ~/.ssh/
>> authorized_keys file on the single account on the server. You'll end
>> up with lots of lines of the form:
>>
>> command="/usr/bin/svnserve --root=/svnroot -t --tunnel-
>> user='<username>'",no-port-forwarding,
no-X11-forwarding,no-agent-
>> forwarding,no-pty ssh-dss <key> <comment>
>
>I believe that's what's described in the book:
>
>http://svnbook.red-bean.com/en/1.5/
>svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks
>
>So you should read that for more information.
Thanks for both your answers, guys!
Of course the manual it's always the first place where to look for me, and I already found that paragraph you quoted, but I wasn't able to apply it. This must be due to my ignorance in ssh mechanics.
Considering that I have two servers, alpha and beta, and that the first has the svn repository and the other has the working copy, this is what I did:
1) beta-user_at_beta$ ssh-keygen -t dsa # this created the ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub files;
2) on alpha I copied what's inside the just generated id_dsa.pub into the ~/.ssh/authorized_keys, adding all the "command" string you suggested, with --tunnel-user svn-user;
3a) beta-user_at_beta$ svn checkout svn+ssh://alpha/svn/my-project/trunk # and I got asked for the beta-user_at_alpha password, but beta-user doesn't exists on alpha (and the point of this is to avoid create all the users on alpha);
3b) beta-user_at_beta$ svn checkout svn+ssh://alpha-user@alpha/svn/my-project/trunk # and I got asked for the alpha-user_at_alpha password and with that I got autenticated but all commits, then, are performed as alpha-user and not svn-user.
Can you figure out what's wrong in this procedure?
Thanks for your efforts in helping me!
n3u.
Passa a Yahoo! Mail.
La webmail che ti offre GRATIS spazio illimitato,
antispam e messenger integrato.
http://it.mail.yahoo.com/%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0%c2%a0
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1190783
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-02-19 09:35:28 CET