

010011010110000101110100011101000010000001000010011101010111010001100011011010000110010101110010

Quick Links
Home Docs & How-Tos Search

Books

Drupal

LDAP

OpenCMS

Projects
Anadem Caryatid OpenCms Modules Pilaster Sinciput Utilities Widgets (AJAX) iPhone Apps

Configuring a Client for Subversion plus Secure Shell (svn+ssh)

How to configure the svn client to use a public key to authenticate to subversion

Author: M Butcher
Date: 2007-08-24 15:03:10 -0400

Recently I have been using a subversion repository that handles connections through SSH, rather than over HTTP. Further, I wanted to use a public key instead of a regular password login. I use Ubuntu Linux on the desktop, and the server was also running a flavor of Linux. Here's how to handle such a configuration.

The goal: Using my Linux development box (client), connect to a remote server (server.com) that is running subversion using svn+ssh, and use a public key to authenticate to the server.

Tools:

ssh and ssh-keygen
svn
vi or another editor
access to both the client and the server (over SSH).

If you haven't done so already, create an SSH key on the client machine:

$ ssh-keygen

This will walk you through the process of creatign a new public/private key combination. I named my keys svndev (my private key) and svndev.pub (my public key), and I put both in my /home/mbutcher/.ssh.

Next, the public key signature must be put in the authorized_keys2 file on the server:

client$ scp ~/.ssh/svndev.pub server.com:/home/mbutcher/.ssh

Then SSH to the server and continue:

server$ cd ~/.ssh

server$ cat svndev.pub >> authorized_keys2

Now the server knows about the key.

Back on the client, I was just about ready to do an SVN checkout. There are a few pieces of information that SSH needs to know, but svn doesn't provide. To give SSH this information, I created an SSH config file:

client$ cd ~/.ssh

client$ vi config

My config file contents looked like this:

Host server.com

Compression on

PreferredAuthentications publickey

PubkeyAuthentication yes

IndentityFile ~/.ssh/svnkey

This file essentially says that when I connect to server.com, I want connections to: (a) be compressed, (b) do authentication with public key cryptography, and (c) use the private key in ~/.ssh/svnkey.

Next, time to do a checkout from subversion.

client$ svn co svn+ssh://server.com/path/to/svn/trunk .

Enter passphrase for key '/home/mbutcher/.ssh/svnkey':

Enter passphrase for key '/home/mbutcher/.ssh/svnkey':

Note that svn prompts twice. This is because it makes two separate SSH connections, and you are prompted each time. (This is a well-documented consequence of using svn+ssh).

Once authentication is done, a complete checkout should happen.

Don't like re-entering the password? You can remove the password from your key file. This presents a security risk: if anyone got their hands on your key file, they could login to the remote server as you. But if that does not worry you, here's how to get rid of the passphrase for your key:

client$ ssh-keygen -p -f ~/.ssh/svnkey

Enter old passphrase:

Enter new passphrase:

Enter same passphrase again:

If you enter your original passphrase for Enter old passphrase, and then hit <Enter> for the new passphrase (twice), then your passphrase will be removed from the key.

There is no need to update the public key on the server when you remove the passphrase.

Now, you should be happily subversioning using svn+ssh and a public key.

News

R S S	News
R S S	Docs and How-To's

Releases

Links

Search

Questions? Comments? Consulting Opportunities? Email matt at aleph-null.tv.