Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Howto:Setting Up Subversion ssh+svnserve extra access method

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Post Reply
Message
Author
brianboonstra
Posts: 2
Joined: 2006-05-02 13:52

Howto:Setting Up Subversion ssh+svnserve extra access method

#1 Post by brianboonstra »

Setting Up Subversion svnserve as an additional access method

I recently found the need to set up svnserve over an ssh tunnel as an additional access method to an existing installation of subversion, working in the usual method with Apache httpd and dav_svn. I'm posting this log to help others do the same.

Brian K. Boonstra

Goal
Given an existing subversion repository, currently using httpd on an internal network, set up tunneled ssh access so that external usage is possible and secure, using public-key authentication.

References

Subversion / TortoiseSVN SSH HowTo by Marc Logemann
svn+ssh and putty
diagnosing svn+ssh connection problems
sshd configuration
My Experiences With Subversion
Version Control with Subversion:svnserve
Version Control with Subversion:Multiple Access




Steps

Configure sshd

I did not want sshd to allow password access. So the first step was to modify its configuration file to read:

Code: Select all

    PermitRootLogin no
    PasswordAuthentication no
    UsePAM no   # Surprise!  Ignores 'PasswordAuthentication no' unless this is also 'no'

Create a subversion user

I find it convenient to have a separate subversion user. The repository was currently owned by user www-data, group svn. You want to make the repository owned by a group to which both www-data and svn belong.


(i) Create the user, depending on whether you already have an svn group, either

Code: Select all

adduser svn --ingroup svn --disabled-password --shell=/bin/zsh --system
or

Code: Select all

adduser svn --group --disabled-password --shell=/bin/zsh --system
adduser www-data svn
chgrp -R svn $SVN_REPOSITORY

(ii) Test access

Code: Select all

sudo -u svn svn info file://$SVN_REPOSITORY

(iii) Ensure permissions are OK:

Code: Select all

sudo su svn;
cd;
svn co file://$SVN_REPOSITORY/$SOMEFILE;
{modify the file trivially}
svn commit $SOMEFILE
(b) Do the same using an http client
(c) If there was a problem, ensure
(1) group write permissions exist wherever user write permissions exist
(2) the group of created files is 'svn'
(3) the permissions of created files match before and after commi



Create public key access

Make a ~/.ssh/ subdirectory for the 'svn' account.


For each user:

(i) cd ~svn/.ssh
(ii) Get a public key
(a) If user already has a public key, copy the user's public key to ~svn/.ssh as $USER.pub
(b) Otherwise,

Code: Select all

ssh-keygen -b 1024 -t dsa -f $USER
(iii) Put the public key in svn's authorized keys:

Code: Select all

echo 'command="svnserve -t --tunnel-user=$USER --root=$SVN_REPOSITORY",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ' | cat - $USER.pub >> authorized_keys
(iv) If you had to generate a key in (ii-b) above, put the private key $USER on the user's computer in $USER_MACHINE/~$USER/.ssh/id_dsa


Test the access
A remote user set up as above should now be able to do something like

Code: Select all

svn info svn+ssh://svn@$SERVERNAME/$SOMEFILE

If there were connection troubles try the instructions in the references, which basically say to try

Code: Select all

ssh svn@$SERVERNAME svnserver
and

Code: Select all

ssh -v svn@$SERVERNAME
Top
walkershane123
Posts: 1
Joined: 2011-07-05 11:22

Re: Howto:Setting Up Subversion ssh+svnserve extra access me

#2 Post by walkershane123 »

Setting up a Subversion Server.

The following instructions will install a Subversion server, which will be set up to use OpenSSH as the secure remote access method, with svnserve available for anonymous access.

Configuration of the Subversion server consists of the following steps:
1. Setup Users, Groups, and Permissions

You'll need to be user root for the initial portion of configuration. Create the svn user and group with the following commands:

groupadd -g 56 svn &&
useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false -u 56 svn

If you plan to have multiple repositories, you should have a group dedicated to each repository for ease of administration. Create the svntest group for the test repository and add the svn user to that group with the following commands:

groupadd -g 57 svntest &&
usermod -G svntest -a svn

Additionally you should set umask 002 while working with a repository so that all new files will be writable by owner and group. This is made mandatory by creating a wrapper script for svn and svnserve:

mv /usr/bin/svn /usr/bin/svn.orig &&
mv /usr/bin/svnserve /usr/bin/svnserve.orig &&
cat >> /usr/bin/svn << "EOF"
#!/bin/sh
umask 002
/usr/bin/svn.orig "$@"
EOF
cat >> /usr/bin/svnserve << "EOF"
#!/bin/sh
umask 002
/usr/bin/svnserve.orig "$@"
EOF
chmod 0755 /usr/bin/svn{,serve}
Top
psequeirag
Posts: 1
Joined: 2014-01-06 23:52

Re: Howto:Setting Up Subversion ssh+svnserve extra access me

#3 Post by psequeirag »

For fixing the umask issue, it's probably better to use the svnwrapper script from the subversion-tools package. This avoids having to mess with the binaries in /usr/bin, which is very desirable.

The man page (http://manpages.ubuntu.com/manpages/har ... rap.1.html) suggests using it like this:

Code: Select all

# ln -s /usr/bin/svnwrap /usr/local/bin/svn
# ln -s /usr/bin/svnwrap /usr/local/bin/svnserve
Top
Post Reply

Return to “Docs, HowTos, Tips & Tricks”