[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: what is the best way to set up secure svn server for people outside the firewall to access it?

From: Thomas Harold <thomas-lists_at_nybeta.com>
Date: Thu, 12 Nov 2009 23:34:42 -0500

On 11/12/2009 6:25 PM, baz themail wrote:
> For example, I would like to setup a https svn site just like
> http://unfuddle.com/ or http://svnrepository.com/. I tried them, but i
> dont see how https works in terms of security.

If the SVN server is a Linux/Unix server, I'm partial to svn+ssh.

Advantages:

- No storage of passwords in the working copy (or doesn't http/https
suffer from this problem?).

- Uses public SSH key pairs. Less/No worries about stolen or sniffed
passwords, you just have to worry about stolen private keys.

- SSH keys can be loaded into an SSH agent on the client to avoid
additional password prompts.

- SSH keys can be locked down on the server side so that they're only
useful for interacting with the svnserve program. That makes it a good
bit more difficult for the attacker, even if they have the private SSH key.

I tend to find https (SSL) to be arcane and confusing to setup. I've
setup https before, but my comfort level with svn+ssh is a lot higher.
And I'm not comfortable configuring Apache yet. But that's just a
personal bias against https.

(We primarily use PuTTY on Windows along with command line SVN and
TortoiseSVN. We put the ssh server on a non-standard port to reduce the
quantity of dictionary attacks. Our SVN server is Linux based.)

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2417407

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-11-13 05:35:34 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.