[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Secure svnserve?

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 26 Nov 2016 09:22:14 -0500

On Fri, Nov 25, 2016 at 5:11 AM, Olaf van der Spek <ml_at_vdspek.org> wrote:
> Hi,
>
> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
> move it to a server on the internet but I don't get how to do this
> securely.
> Svnserve doesn't support encryption, right, so I can't expose it on a
> public port directly.

svn+ssh works quite well, and gets *away* from the horrible, horrible
tendency of clients to save a passphrase in clear text by default.
That single behavior is one of the big reasons not to use most
Subversion sites by default. svn+ssh has a similar, but not quite as
egregious, problem that the SSH client tools can also store SSH keys
without a passphrase, by default. But an SSH private key is less
likely to be the same password used by a careless employee or
developer for their logins, email, banking, and online game logins.

> I'm aware of Subversion via Apache but I don't run Apache and I don't
> want to give the entire web server access to repos anyway.
> I also don't want to give each SVN user a shell account..
> What's the proper way to do this?
>
> Wouldn't it be good if svnserve supported encryption directly?
>
> --
> Olaf

See above. And yes, it might be useful, but integrating encryption
into high performance can seriously destabilize it.
Received on 2016-11-26 15:22:31 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.