I'm having some trouble configuring a website hosting server (ex. website.com) that only has one primary user account (ex. ownername), to allow the following:
- Users me and friend appear as the usernames in svn log entries, and
- Users me and friend have shell access via SSH
So, I set up my private/public key pair on my local machine (laptop) and copied the public key to website.com's /home/ownername/.ssh/authorized_keys file. I added this command argument to the line:
command="svnserve -t --tunnel-user=me -r /home/ownername/" ssh-rsa A...eQ== laptoplogin@laptop
Where /home/ownername/svn/ is the location of the Subversion repository. This allows me to use:
[laptop]$ svn co svn+ssh://[email protected]/svn/ project
and any changes I make to project using Subversion have me listed as the user in the change comments, which is great.
However, when I go to log in via ssh:
[laptop]$ ssh [email protected]
( success ( 1 2 ( ANONYMOUS ) ...
Connection closed.
[laptop]$
So, is what I'm trying to do even possible? I honestly don't know enough about ssh tunnels to know what to do. There are numerous websites which discuss limiting or removing shell access to svn clients, but of course I want the shell access in addition to a custom username for me and friend.
Any help is appreciated!
Solution:
I simply set up two different id_rsa keys: id_rsa_shell and id_rsa_svn. I appended these to the server's .ssh/authorized_keys file. Then, for the "shell" key I put no command, and for the "svn" key, the svnserve command with arguments. Then, on the laptop, I set up the .ssh/config file to have two entries: website-shell and website-svn, each with IdentityFile set to point to the respective keys. ssh website-shell worked as expected. For the svn command, in .subversion/config, under [tunnels] I put:
website = ssh -p XXXX -i /home/emptyset/.ssh/id_rsa_svn
Now, this got my checkout working:
$ svn co svn+website://website-svn/svn checkoutdirectory
Testing the commits verified the svnserve --tunnel-user argument worked to put my alias in the svn commit. Note it respects the website-svn alias defined in .ssh/config.
Sweet. :)
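
An added example, not part of the original post: a small Python audit of an authorized_keys file laid out as in the solution above. It reports which keys grant a shell, which are pinned to svnserve and under which --tunnel-user name, and whether a pinned key also carries the forwarding and pty restrictions, since command= by itself does not turn off port, agent or X11 forwarding. The key comments and key material in SAMPLE are constructed placeholders, and the function names are this example's own.

```python
import re

# Key-type prefixes; a line starting with one has no options field.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")
# Restrictions that keep a command= key from doing anything but its command
# (compared in lower case; sshd treats option names case-insensitively).
LOCKDOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def split_options(line):
    """Split one authorized_keys line into (options dict, remainder)."""
    if line.startswith(KEY_TYPES):
        return {}, line
    i, quoted = 0, False
    while i < len(line):
        if quoted and line[i] == "\\":
            i += 1                      # skip the escaped character
        elif line[i] == '"':
            quoted = not quoted
        elif line[i].isspace() and not quoted:
            break                       # first unquoted space ends the options
        i += 1
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(text):
    """Return (key comment, kind, svn author, missing restrictions) per key."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        comment = rest.split()[-1]      # last field; assumes the key has a comment
        command = opts.get("command")
        if command is None:             # no forced command: full shell access
            findings.append((comment, "shell", None, []))
            continue
        user = re.search(r"--tunnel-user=(\S+)", command)
        # "restrict" (OpenSSH 7.2+) implies every restriction in LOCKDOWN.
        missing = [] if "restrict" in opts else sorted(LOCKDOWN - opts.keys())
        kind = "forced-open" if missing else "forced-locked"
        findings.append((comment, kind, user.group(1) if user else None, missing))
    return findings

# Constructed sample; key material is a placeholder, not a real key.
SAMPLE = """\
ssh-rsa AAAAB3PLACEHOLDER laptoplogin@laptop-shell
command="svnserve -t --tunnel-user=me -r /home/ownername/" ssh-rsa AAAAB3PLACEHOLDER laptoplogin@laptop-svn
command="svnserve -t --tunnel-user=friend -r /home/ownername/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3PLACEHOLDER friend@desktop-svn
"""
```

Calling audit(SAMPLE) marks the second key as "forced-open": it is pinned to svnserve but still lacks all four restrictions, which the third line shows added.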