[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion 1.6 on Ubuntu Server 11.x

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 11 Jun 2011 11:27:32 -0400

On Fri, Jun 10, 2011 at 6:26 PM, Geoff Hoffman
<ghoffman_at_cardinalpath.com> wrote:
> I posted about this on the Ubuntu forums but thus far nobody has replied.
> When SSH'd into the box and using svn operations, I'm getting the dastardly
> warning about my password is going to get stored to disk unencrypted.
> I read about Subversion 1.6 security changes.
> I read about Subversion 1.6 on Ubuntu Server over at superuser.com.
> I read about gnome-keyring over at stackoverflow.
> I've been doing a lot of reading on it.
> I have done the following:
> * installed gnome-keyring
> *edited my ~/.subversion/config to turn
> password-stores = gnome-keyring
> edited my ~/.subversion/servers to
> store-passwords = yes
> store-plaintext-passwords = no
> Thing is, I'm not using any GUI so it's still not working. Should I try
> encfs ?
> I read another post about a tool from CollabNet called keyring_tool but I
> don't have it on this system. Where do I get that? I've never run into these
> issues before (new distro, new svn version).
> Any additional insight would be very much appreciated.

I have *never* gotten the gnome keyrings working well with Subversion.
I'm afraid there are a lot of subtly distinct implementations of the
necessary toolchain out therem abd the lot of them tend to be pretty
fragile.

Frankly, I find it more effective, and safer, to use SSH keys and a
key agent as necessary, with a key specifically dedicated to the SVN
access. This can be mandated with "SVN_SSH='ssh -l username -i
keyname'" to avoid using other keys.

The stored SSH public keys on the remote server can even be set to
restrict access to only svnserve tunneling, even to read-only access.
Coupled with the kind of single svn user account setup described in
passing in the "Red Book", it's a better security model than giving
all SVN clients shell access to the server.
Received on 2011-06-11 17:28:06 CEST

This is an archived mail posted to the Subversion Users mailing list.