[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 25 Nov 2013 12:43:15 +0200

sbremal_at_hotmail.com wrote on Mon, Nov 25, 2013 at 10:24:16 +0000:
> Correct, default SSH port is not open on the corporate firewall. I am
> sure there are workarounds, however having contractual obligations not
> sure I should try hard to be unorthodox.

I still suggest that you try to run sshd. If you can't convince them to
open port 22, try to convince them to run sshd on port 1022. That's not
unorthodox, it's common practice for evading vulnerability scanners and
root-login-attemptors.

Daniel

> SSH + SVN is my favourite and will stay with it as the primary access method. If I could top it with HTTP access using the existing Unix authentication and authorization framework, I would be more than happy. After all Unix works for tens of years, why to change it???
>
> Other alternative would be to force Apache to spawn MOD_DAV_SVN processes as the authenticated user, wonder if it is possible, or has any inadvertent complications.
>
>
> B.
>
> ----------------------------------------
> > Date: Sat, 23 Nov 2013 01:07:16 +0200
> > From: d.s_at_daniel.shahaf.name
> > To: sbremal_at_hotmail.com
> > CC: users_at_subversion.apache.org
> > Subject: Re: MOD_DAV_SVN + SVNSERVE_WRAPPER + file system rights
> >
> > sbremal_at_hotmail.com wrote on Thu, Nov 21, 2013 at 18:37:21 +0000:
> >> I am very happy with the SSH + 'svnserve' access to my repositories,
> >> however due to firewall issues I need access through HTTP as well.
> >> What I do not want is to set up a 2nd authentication / authorization
> >> database.
> >
> > What are the "firewall issues", exactly? Why can't you use svn+ssh?
> > Can you run sshd on port 80 (which would allow you to use svn+ssh
> > without httpd at all)?
> >
> > Daniel
Received on 2013-11-25 11:44:04 CET

This is an archived mail posted to the Subversion Users mailing list.