On Aug 23, 2009, at 10:32 PM, Ryan Schmidt wrote:
>
> On Aug 24, 2009, at 00:25, Erick Calder wrote:
>
>> I'd like to write a little mini-HOWTO because with current
>> documentation I still had to struggle too much... if I do, where's
>> a good place to put it that others will find it?
>
> Best would be to fix the existing documentation in the FAQ. If you
> post a diff here I'm sure someone will be happy to apply it.
ok, here it goes (for http://subversion.tigris.org/faq.html#ssh-authorized-keys-trick):
I want to allow access via svn+ssh://, but am paranoid. I hate the
idea of giving each user a login; I would then have to worry about
what they are, and are not, allowed to access on my machine.
This HOWTO makes the following assumptions:
- the repository is owned by svn:svn and is located at /var/svn on the
server, which is considered the user svn's home directory
- the SVN service binary is located at /usr/bin on the server host
- the client is running bash with svn version > 1.2.0
On the client:
1. generate an ssh private/public key-pair:
# ssh-keygen -t rsa
2. add the following line to the ~/.bash_profile:
export SVN_SSH="ssh -l svn -i ~/.ssh/id_rsa"
and make sure to execute the above line at the command line (for
immediate definition of the variable). the user may choose to use an
existing key-pair, or to generate a new one to be used exclusively for
SVN access. In such a case, replace the ~/.ssh/id_rsa above with the
appropriate file name.
On the server:
1. create the directory /var/svn/.ssh if it does not exist (make sure
it's owned by svn:svn)
2. in the above directory place the file authorized_keys2 with the
following contents:
command="/usr/bin/svnserve -t -r /var/svn --tunnel-user=<username>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty <public key>
where <username> is the name the repository will use in recording
changes and <public key> represents the contents of the client's
~/.ssh/id_rsa.pub file (or whichever public key was chosen for this
purpose). make sure all of the above is on a single line.
To use the service then, on the client, check out any project:
# svn checkout svn+ssh://<server>/var/svn/<project>
where <server> represents the DNS name of the server host and
<project> is the name of any project. Change directory to the
project's directory, e.g. cd <project>, and change the contents of some
file, subsequently performing a difference report:
# svn diff
if everything looks good, commit:
# svn commit
that's it!
Received on 2009-08-24 09:50:40 CEST
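
An added example, not part of the original message: a small auditor that checks each authorized_keys entry against the form given in the HOWTO above (forced svnserve -t command with --tunnel-user, plus the four no-* options). The function names are hypothetical, the svnserve path is the one the message assumes, and the sample keys are constructed placeholders.

```python
# Added example: audit authorized_keys entries for the svnserve forced-command form.
SVNSERVE = "/usr/bin/svnserve"  # path assumed by the HOWTO
REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def split_options(line):
    """Return (options, rest); commas and spaces inside double quotes do not split."""
    opts, cur, in_q, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_q and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1      # escaped quote inside a value
        elif ch == '"':
            in_q = not in_q
        elif ch == "," and not in_q:
            opts.append(cur); cur = ""
        elif ch in " \t" and not in_q:
            break                          # end of the options field
        else:
            cur += ch
        i += 1
    return opts + [cur], line[i:].strip()

def audit_line(line):
    """Findings for one entry; an empty list means it matches the HOWTO's form."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    if line.startswith(KEY_TYPES):
        return ["no options: key is not restricted to svnserve"]
    opts, rest = split_options(line)
    names = {o.split("=", 1)[0].lower() for o in opts}
    cmd = next((o.split("=", 1)[1] for o in opts if o.lower().startswith("command=")), None)
    argv, findings = (cmd.split() if cmd else []), []
    if not argv or argv[0] != SVNSERVE or "-t" not in argv:
        findings.append("forced command is not svnserve -t")
    elif not any(a.startswith("--tunnel-user=") and len(a) > 14 for a in argv):
        findings.append("missing --tunnel-user")
    findings += ["missing " + r for r in sorted(REQUIRED - names)]
    if not rest.startswith(KEY_TYPES):
        findings.append("no public key after options")  # e.g. a wrapped entry
    return findings

def audit(text):
    """Map 1-based line number -> findings, for entries that have any."""
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l))}

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''command="/usr/bin/svnserve -t -r /var/svn --tunnel-user=alice",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAexample alice@client
ssh-rsa AAAAexample bob@client
command="/usr/bin/svnserve -t -r /var/svn",no-port-forwarding,no-pty ssh-rsa AAAAexample carol@client
'''
```

Calling audit(SAMPLE) reports lines 2 and 3; an entry that was wrapped across lines shows up as missing options and having no public key.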