SVN via SSH not working on Windows with Tortoise SVN

Question

I have SSH access to a FreeBSD machine which has svnadmin (and the rest of the necessary utilities) installed. svn is version 1.7.9 (r1462340). I am on Windows 7 x64, using Tortoise SVN 1.7.7.

I have followed this official guide to help me set up my server and Tortoise SVN, but I'm having trouble setting it up.

I have generated a pair of private/public keys and added them to my server's ~/.ssh/authorized_keys file and to my Putty configuration respectively. I can connect to the remote machine using putty and my private key.

I have also tried configuring Tortoise SVN to do the same thing, and I'm connecting to:

svn+ssh://myBSDusername@it2svn/somerepo 

Where it2svn is the name of the working Putty connection profile, and somerepo is a repository in my repository root (~/svnroot/somerepo).

The problem that occurs is that Tortoise SVN requests my key's passphrase and no matter how many times I enter it correctly, the password dialog is closed for 1-2 seconds, after which it prompts me for the passphrase yet again. It doesn't even say that it's wrong, it just keeps asking me for the passphrase over and over.

If I purposely enter the wrong passphrase, I get prompted for it again instantly, without the 1-2 second delay that occurs when entering the right one. The dialog still doesn't say it's wrong even though I'm entering gibberish. This might be a bug on their side, but it still doesn't explain why my correct passphrase isn't being accepted.

Configuration

Here are the contents of the authorized_keys file (with the actual contents of the keys removed):

ssh-dss AAA....FuA== myBSDusername@ems command="svnserve -t -r ~/svnroot --tunnel-user=svnAuthorDude",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-dss AAAA....IFuA== myBSDusername@ems 

Important note: the guide said that my "command" line should look like this:

command="svnserve -t -r <ReposRootPath> --tunnel-user=<author>", no-port-forwarding,no-agent-forwarding,no-X11-forwarding, no-pty ssh-rsa <PublicKey> <Comment> 

But the key I generated using ssh-keygen using the same parameters as in the guide starts with ssh-dss instead of ssh-rsa, which is why ssh-rsa is replaced in my own file by dss (apparently because the key is a DSA and not a RSA key).

Answer 1

The problem you had was using a passphrase on your key pair and not using pageant.

When TortoiseSVn connects with an SSH tunnel it seems to make multiple separate requests using plink (or TortoisePLink). Each time this happens the SSH key is needed and so needs to be unlocked and so the password request occurs.

If you don't password protect the keypair then there is no need to ask for the password.

If you configure pageant to load the key before you use TortoiseSVN, then plink will get the key, already unlocked and cached, from pageant instead. In this way you can use a password protected key and not need to enter the password repeatedly. You still need to enter it once when adding the key to pageant though.

Answer 2

I've regenerated the key pair using PuttyGen, and made it an RSA2 key pair (versus the old DSA keys). I've also skipped protecting my private key with a passphrase, and now everything (magically) works. I don't know exactly what change actually fixed the problem, but I'm hoping this will help some future developer with a similar problem.

Here are the (relevant) contents of my user's ~/.ssh/authorized_keys:

ssh-rsa AAAA...Wc= rsa-key-20130529 command="svnserve -t -r /user/rest/of/path/svnroot --tunnel-user=someuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAA...Wc= andrei