
Re: svn: Authorization failed

From: Erick Calder <e_at_arix.com>
Date: Mon, 24 Aug 2009 00:52:33 -0700

On Aug 23, 2009, at 10:32 PM, Ryan Schmidt wrote:

> On Aug 24, 2009, at 00:25, Erick Calder wrote:
>> I'd like to write a little mini-HOWTO because with current
>> documentation I still had to struggle too much... if I do, where's
>> a good place to put it that others will find it?
> Best would be to fix the existing documentation in the FAQ. If you
> post a diff here I'm sure someone will be happy to apply it.

ok, here it goes (for http://subversion.tigris.org/faq.html#ssh-authorized-keys-trick)

I want to allow access via svn+ssh://, but am paranoid. I hate the
idea of giving each user a login; I would then have to worry about
what they are, and are not, allowed to access on my machine.

This HOWTO makes the following assumptions:

- the repository is owned by svn:svn and is located at /var/svn on the
server, which is considered the user svn's home directory
- the SVN service binary is located at /usr/bin on the server host
- the client is running bash with svn version > 1.2.0

On the client:

1. generate an ssh private/public key-pair:

# ssh-keygen -t rsa

2. add the following line to the ~/.bash_profile:

export SVN_SSH="ssh -l svn -i ~/.ssh/id_rsa"

and make sure to execute the above line at the command line (for
immediate definition of the variable). the user may choose to use an
existing key-pair, or to generate a new one to be used exclusively for
SVN access. In such a case, replace the ~/.ssh/id_rsa above with the
appropriate file name.

On the server:

1. create the directory /var/svn/.ssh if it does not exist (make sure
it's owned by svn:svn)
2. in the above directory place the file authorized_keys2 with the
following contents:

command="/usr/bin/svnserve -t -r /var/svn --tunnel-user=<username>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty <public key>

where <username> is the name the repository will use in recording
changes and <public key> represents the contents of the client's
~/.ssh/id_rsa.pub file (or whichever public key was chosen for this
purpose). make sure all of the above is on a single line.

To use the service then, on the client, check out any project:

# svn checkout svn+ssh://<server>/var/svn/<project>

where <server> represents the DNS name of the server host and
<project> is the name of any project. Change directory to the
project's (e.g. cd <project>) and change the contents of some file,
subsequently performing a difference report:

# svn diff

if everything looks good, commit:

# svn commit

that's it!


Received on 2009-08-24 09:50:40 CEST

This is an archived mail posted to the Subversion Users mailing list.
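
A check an administrator could run over the svn account's authorized_keys2 file to confirm that every key is pinned to svnserve with the options the HOWTO above lists. This is an added example, not part of the original post or of Subversion; the function names and sample key lines are constructed, and accepting OpenSSH's `restrict` option in place of the four no-* options goes beyond what the post describes.

```python
import shlex

REQUIRED = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = """\
command="/usr/bin/svnserve -t -r /var/svn --tunnel-user=alice",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER alice@laptop
command="/usr/bin/svnserve -t -r /var/svn --tunnel-user=bob",no-pty ssh-rsa AAAAPLACEHOLDER bob@desk
ssh-rsa AAAAPLACEHOLDER carol@home
"""

def split_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    if line.startswith(KEY_PREFIXES):
        return {}
    items, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1       # \" escape inside a quoted value
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            items.append(cur); cur = ""
        elif ch in " \t" and not quoted:
            break                           # options end at the first unquoted blank
        else:
            cur += ch
        i += 1
    items.append(cur)
    return {k.lower(): v for k, _, v in (s.partition("=") for s in items)}

def audit_line(line, svnserve="/usr/bin/svnserve"):
    """Return the problems found on one key line; an empty list means locked down."""
    opts = split_options(line.strip())
    problems, argv = [], shlex.split(opts.get("command", ""))
    if not argv:
        problems.append("no forced command: key gives a normal login")
    elif argv[0] != svnserve or "-t" not in argv[1:]:
        problems.append("forced command is not 'svnserve -t'")
    elif not any(a.startswith("--tunnel-user=") and a != "--tunnel-user=" for a in argv):
        problems.append("no --tunnel-user: commits recorded as the shared account")
    if "restrict" not in opts:
        problems += ["missing " + o for o in sorted(REQUIRED - set(opts))]
    return problems

def audit_file(text):
    """Map line number -> problems, skipping blanks, comments and clean lines."""
    rows = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)]
    return {n: p for n, l in rows if l and l[0] != "#" and (p := audit_line(l))}
```

To audit a real file, pass its contents to `audit_file`, for example `audit_file(open("/var/svn/.ssh/authorized_keys2").read())`.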
