[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn: Authorization failed

From: Erick Calder <e_at_arix.com>
Date: Mon, 24 Aug 2009 02:29:29 -0700

On Aug 24, 2009, at 1:32 AM, Ryan Schmidt wrote:

> You should post this as a diff. That means for example: download
> faq.html, copy it to faq.new.html, edit the copy so it looks like
> you want, then submit the output of "diff -u faq.html faq.new.html"
> as a file attachment.

thanks for your explicit instructions. here's the diff:

--- faq.html 2009-08-24 02:02:02.000000000 -0700
+++ faq.new.html 2009-08-24 02:27:07.000000000 -0700
@@ -2160,12 +2160,41 @@
  <h3>I want to allow access via svn+ssh://, but am paranoid. I hate
the
  idea of giving each user a login; I would then have to worry about
  what they are, and are not, allowed to access on my machine.</h3>
-<p>See the section about hacking
-the <tt>~/.ssh/authorized_keys</tt> file in the answer
-to this other question; ignore
the stuff
-about getting <tt>svnserve</tt> on your PATH.</p>
-</div>
+<p>
+On the client (assumes svn version > 1.2):

+<ol>
+<li>generate an ssh private/public key-pair:
+<p><tt># ssh-keygen -t rsa</tt>
+<li>add the following line to the <tt>~/.bash_profile</tt>:
+<p><tt>export SVN_SSH="ssh -l svn -i ~/.ssh/id_rsa"</tt>
+<p>
+and make sure to execute the above line at the command line (for
immediate definition of the variable). the user may chose to use an
existing key-pair, or to generate a new one to be used exclusively for
SVN access. In such a case, replace the <tt>~/.ssh/id_rsa</tt> above
with the appropriate file name.
+</ol>
+<p>
+On the server (assumes the repository is owned by <tt>svn:svn</tt>
and is located at <tt>/var/svn</tt> on the server, which serves as the
user <tt>svn</tt>'s home directory. additionally assumes the SVN
service binary is located at <tt>/usr/bin</tt>):
+<ol>
+<li>create the directory <tt>/var/svn/.ssh</tt> if it does not exist
(make sure it's owned by <tt>svn:svn</tt>)
+<li>in the above directory place the file <tt>authorized_keys2</tt>
(permissions: <tt>-rw-r--r--</tt>) with the following contents:
+<p>
+<tt>command="/usr/bin/svnserve -t -r /var/svn --tunnel-
user=&lt;username&gt;",no-port-forwarding,no-agent-forwarding,no-X11-
forwarding,no-pty &lt;public key&gt;</tt>
+<p>
+where <tt>&lt;username&gt;</tt> is the name the repository will use
in recording changes and <tt>&lt;public key&gt;</tt> represents the
contents of the client's <tt>~/.ssh/id_rsa.pub</tt> file (or whichever
public key was chosen for this purpose). <u>Make sure all of the
above is on a single line.</u>
+<p>
+To use the service then, on the client, check out any project:
+<p>
+<tt># svn checkout svn+ssh://&lt;server&gt;/var/svn/&lt;project&gt;</
tt>
+<p>
+where <tt>&lt;server&gt;</tt> represents the DNS name of the server
host and <tt>&lt;project&gt;</tt> is the name of any project. Change
directory to the project's e.g. <tt>cd &lt;project&gt;</tt> and change
the contents of some file, subsequently performing a difference report:
+<p>
+<tt># svn diff</tt>
+<p>
+if everything looks good, commit:
+<p>
+<tt># svn commit</tt>
+<p>
+that's it!
+</div>

  <div class="h3" id="auto-props" title="auto-props">
  <h3>How can I set certain properties on

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2386676

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-08-24 11:27:46 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.