On Fri, Jun 10, 2011 at 6:26 PM, Geoff Hoffman
<ghoffman_at_cardinalpath.com> wrote:
> I posted about this on the Ubuntu forums but thus far nobody has replied.
> When SSH'd into the box and using svn operations, I'm getting the dastardly
> warning about my password is going to get stored to disk unencrypted.
> I read about Subversion 1.6 security changes.
> I read about Subversion 1.6 on Ubuntu Server over at superuser.com.
> I read about gnome-keyring over at stackoverflow.
> I've been doing a lot of reading on it.
> I have done the following:
> * installed gnome-keyring
> *edited my ~/.subversion/config to turn
> password-stores = gnome-keyring
> edited my ~/.subversion/servers to
> store-passwords = yes
> store-plaintext-passwords = no
> Thing is, I'm not using any GUI so it's still not working. Should I try
> encfs ?
> I read another post about a tool from CollabNet called keyring_tool but I
> don't have it on this system. Where do I get that? I've never run into these
> issues before (new distro, new svn version).
> Any additional insight would be very much appreciated.
I have *never* gotten the gnome keyrings working well with Subversion.
I'm afraid there are a lot of subtly distinct implementations of the
necessary toolchain out therem abd the lot of them tend to be pretty
fragile.
Frankly, I find it more effective, and safer, to use SSH keys and a
key agent as necessary, with a key specifically dedicated to the SVN
access. This can be mandated with "SVN_SSH='ssh -l username -i
keyname'" to avoid using other keys.
The stored SSH public keys on the remote server can even be set to
restrict access to only svnserve tunneling, even to read-only access.
Coupled with the kind of single svn user account setup described in
passing in the "Red Book", it's a better security model than giving
all SVN clients shell access to the server.
Received on 2011-06-11 17:28:06 CEST