2005/04/02

svn+ssh: Using Subversion with SSH

I've been trying to learn how to enable secure shell (SSH) access to Subversion, on both the client and server sides. It's kind of a pain.

The whole point of using SSH is to avoid sending your source code in the clear, so maybe the pain is worth it. Or maybe this is such a common-sense usage of Subversion that somebody (like, say, me) should put some effort into making it easier to do. But I digress.

To connect to an svnserve daemon via SSH you use this repository syntax:

$ svn co svn+ssh://.../

This requires some careful preparation. First, you need to have the following lines uncommented in your client-side ~/.subversion/config:
[tunnels]
ssh = $SVN_SSH ssh

Then, on the client, your URL must include the absolute path to the repository, followed by the path of the project you want to check out from the repository.

For example, suppose you ordinarily use this command to check out a project:
$ svn co svn://svn_server/project/trunk local_name

In order to perform the same checkout using an svn+ssh URL, you'd have to use this command:
$ svn co svn+ssh://svn_server/abs_path_to_repository/project/trunk local_name

You also need an account on the SVN server, with the same username as your account on the client machine. Or you need to specify the username when performing your svn checkout, like so: 
$ svn co --username bubba ...

Or you need an entry like this in your ~/.ssh/config, to tell ssh as whom it should connect to the server:
Host svnserver
Hostname svnserver.blah.com
User bubba

On the server, you need to ensure that svnserve is in the path of the user account under which you run svnserve.

You also need to ensure that the account under which you run svnserve, as well as your user account on the server and any other userr accounts which need access to the repository, are all members of the same group. (subversion would be a good name for the group.)

You also need to make sure that your umask is set to 002 (group write-able). Otherwise other users of the remote repository might find themselves suddenly unable to change some file that you've added.

Got all of that? Good! Of course, I probably forgot a few steps...

at 17:22

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)