[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Support for ssh agent for storing password encrypted

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 18 Dec 2019 04:46:04 +0000

Honza Maly wrote on Tue, 17 Dec 2019 20:04 +00:00:
> I don't see it in issue tracker: do you have any plans on adding support
> for ssh agent as way to store password encrypted, possibly based on what
> Jack Whitham prepared?
>
> https://www.jwhitham.org/2017/03/svn-password-store-using-ssh-agent.html
> https://github.com/jwhitham/safeu
>
> I'm in exactly same situation as he is (using multiple linux servers over
> ssh connection) and I'm currently thinking about compiling subversion with
> his patch myself, however I though I will ask if it won't arrive in
> official distribution soon ... or, if you already looked at it and found
> some problem with it.

The code was not proposed to us for inclusion.

If it's proposed, my first question would be what value it adds on top
of the existing gpg-agent backend. (There's also a box to check about
licensing, but that'll probably work out.)

Cheers,

Daniel

P.S. The linked post is wrong when it equates svn+ssh:// access with
shell access. It's perfectly possible to use SSH for authentication
without giving developers out-of-band (svnadmin-level) access to the
repository. There are various ways to implement this; the simplest
is to use authorized_keys(5) forced commands.

> (I'm currently relying on the directory attribute for protection but would
> prefer real encryption.)
Received on 2019-12-18 05:47:21 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.