On Sat, Feb 11, 2012 at 9:27 PM, André Hänsel <andre_at_webkr.de> wrote:
> Hi list,
>
> can I use svnserve in daemon mode (to take advantage of its authorization
> mechanisms) and still have the client use an SSH tunnel (probably with
> different credentials) to connect to it, so I only have to expose the SSH
> port?
>
> I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml
> talking about something called "SVN over SSH" but it's not mentioning how to
> set it up.
It's in the famous Subversion "Red Book", at
http://svnbook.red-bean.com/. It works well: the only difficulty with
it is managing the keys, which needs to be worked out thoughtfully as
a matter of policy file management. The last example, the one that
uses individual keys installed in an svn user account, forced
commands, specific usernames tied to the keys with, and perhaps even
the "--root" directove to provide simpler URL's is the one you want to
use. I've been a strong proponent of it for years because it avoids
Linux and UNIX clients for Subversion storing passwords in cleartext,
as all such clients do by default for HTTP and HTTPS access. It also
can avoid fascinating interactions with Apache setups.
There are performance and configuration trade-offs, but I find it very
usefl, especially if I need to publish a freely accessible version of
the repository that can be just plain "http" accessed. This is how
www.sourceforge.net does this.
Received on 2012-02-12 04:39:23 CET