Note: This topic is more of a walk-through than a complete guide, and is largely based on the documentation found on the TortoiseSVN website and various other sources. You can refer to that site for more explanation if needed.
Server: Setting Up Svnserve With SSH
Part 1: Server Setup
Subversion (svn): 1.4.5
TortoiseSVN: 1.4.8.12137 (win32)
Cygwin: 1.5.25-14
Putty, Puttygen, Pageant: 0.60
- Login as Administrator.
- Install SVN on the server (as described in Setting Up Svnserve).
- Close the svnserve service if it is running.
- Create a new user account named “svnuser” (or any other name) with a password. Check that the user permissions are sufficient to read and write your SVN repository directory on the server.
- Install Cygwin SSH daemon as described here.
- Before step 5 (“ssh-host-config” section), open c:\cygwin\etc\hosts.allow with WordPad and make sure it looks like this (take note of the hash #):
#ALL : PARANOID : deny
sshd: ALL
- Continue to do the “ssh-host-config” section.
- Continue to do the “Test the sshd” section.
- Also test with “ssh svnuser@localhost”.
- Skip the other sections unless specially needed.
- Type “logout” until the cygwin window is closed.
- Download PuTTY, PuTTYgen and Pageant from here and place the EXEs in c:\cygwin
- In Windows, log out as Administrator, then log in as svnuser.
- Create a key pair (replace ‘svnharrykey’ in the sample below with your preferred key name):
- Open a cygwin window. You will be logged in as svnuser by default.
- Enter a passphrase: a secret used to encrypt the private key.
- The key pair will be created in c:\cygwin\home\svnuser
- If authorized_keys does not exist yet (first key created):
$ cp svnharrykey.key.pub /home/svnuser/.ssh/authorized_keys
- If authorized_keys already exists:
$ cat svnharrykey.key.pub >> /home/svnuser/.ssh/authorized_keys
- Double-click on c:\cygwin\puttygen.exe
- Go to Conversions > Import Key > Select the svnharrykey.key file.
- Enter the passphrase > Save private key > saved as svnharrykey.ppk (saved into the same folder).
- Go to c:\cygwin\home\svnuser\.ssh and open the “authorized_keys” file with WordPad.
- Prepend the following options (everything before ssh-rsa) to the start of each authorized key line:
command="svnserve -t -r d:/svn_repos/ --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa <ThePublicKey><PublicKeyComment>
- Replace d:/svn_repos/ with your svn repository root folder and harry with the svn authorized user (as in your svn repository conf\authz file).
- Note: If the “svnserve” command cannot be found, change it to the full path. E.g.:
command="c:/svnserve/bin/svnserve.exe -t -r d:/svn_repos/…
- Note: The user's read/write rights on the svn repository follow what is set in conf\authz. (conf\passwd is not used.)
- Save the file.
- Repeat the steps above to generate keys for each svn authorized user.
- Note: It is recommended that each svn user has a different key pair and passphrase.
- After completing this, copy all the .ppk keys in c:\cygwin\home\svnuser to another folder to be distributed to the clients.
- In Windows, log out as svnuser, then log back in as Administrator.
- Distribute the Putty private key files (e.g. svnharrykey.ppk) created to the authorized clients.
- To restrict access to the ssh service:
- In Windows, login as Administrator.
- Open c:\cygwin\etc\hosts.allow with WordPad.
- Put a hash (#) on this line:
#sshd: ALL
- Put the following lines:
ALL : PARANOID : deny
ALL : PARANOID : RFC931 20 : deny
ALL : localhost 127.0.0.1 : allow
sshd : 192.168.1. : allow
sshd : 218.208.999.99: allow
…
ALL : ALL : deny
- Note:
- Replace the IPs in the sshd lines with those you allow.
- Rules are applied in order, first come, first served.
- To allow an IP range: sshd : 192.168.1. : allow
- To allow a particular IP: sshd : 192.168.1.47: allow
- To allow a domain: sshd : .mydomain.com : allow
- Save the file. The changes will take effect immediately.
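The first-come-first-served rule order from the notes above, as an added example (not part of the original post). It is a simplified model of hosts.allow matching: it only handles the ALL, exact, IP-prefix and domain-suffix patterns listed above, does not model PARANOID or RFC931, and the function name and rule files are constructed for illustration.

```sh
# Usage: hosts_allow_verdict FILE DAEMON CLIENT_IP CLIENT_HOSTNAME
# Prints "<rule line number>: allow|deny" for the first matching rule,
# or "no match" when no rule in the file applies.
hosts_allow_verdict() {
  awk -F: -v d="$2" -v ip="$3" -v host="$4" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function hit(p) {
      if (p == "ALL" || p == ip || p == host) return 1
      if (p ~ /\.$/) return index(ip, p) == 1          # IP range, e.g. 192.168.1.
      if (p ~ /^\./)                                    # domain, e.g. .mydomain.com
        return length(host) > length(p) && substr(host, length(host) - length(p) + 1) == p
      return 0
    }
    /^[ \t]*(#|$)/ { next }                             # comments and blank lines
    {
      daemon = trim($1)
      verdict = (trim($NF) == "deny") ? "deny" : "allow"
      if (daemon != "ALL" && daemon != d) next
      n = split(trim($2), pats, /[ \t]+/)
      for (i = 1; i <= n; i++)
        if (hit(pats[i])) { print NR ": " verdict; found = 1; exit }
    }
    END { if (!found) print "no match" }
  ' "$1"
}

# Constructed rule files: the order used in this post, and the same rules
# with the catch-all deny moved to the top.
page_order=$(mktemp); wrong_order=$(mktemp)
cat > "$page_order" <<'EOF'
ALL : localhost 127.0.0.1 : allow
sshd : 192.168.1. : allow
sshd : .mydomain.com : allow
ALL : ALL : deny
EOF
{ echo 'ALL : ALL : deny'; sed '$d' "$page_order"; } > "$wrong_order"

hosts_allow_verdict "$page_order"  sshd 192.168.1.47 pc47.lan          # 2: allow
hosts_allow_verdict "$page_order"  sshd 203.0.113.9  host.example.net  # 4: deny
hosts_allow_verdict "$wrong_order" sshd 192.168.1.47 pc47.lan          # 1: deny
```

With the catch-all first, the LAN client is rejected before its allow rule is ever read, which is why “ALL : ALL : deny” must stay on the last line.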
Commands for the “Create a key pair” step above (run in the cygwin window as svnuser):
$ cd /home/svnuser
$ mkdir .ssh
$ ssh-keygen -t rsa -f svnharrykey.key
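A check for the authorized_keys file built in Part 1, as an added example (not part of the original post): it flags any key line that is missing the forced svnserve tunnel command, the --tunnel-user setting, or one of the four no-* restrictions, since such a key gives its holder more than svn access as svnuser. The function name and the sample keys are constructed for illustration, and option names are matched case-sensitively as written in this post.

```sh
# Usage: audit_authorized_keys FILE
# Prints "<line number>: <problems>" for each weak key line.
# Returns 0 when every key line is restricted as in this post, 1 otherwise.
audit_authorized_keys() {
  n=0 bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1)) problems=
    case $line in ''|'#'*) continue ;; esac            # blank lines and comments
    case $line in
      'command="'*)
        cmd=${line#command=\"}; cmd=${cmd%%\"*}         # text inside command="..."
        rest=${line#command=\"*\"}                      # remaining options and key
        case " $cmd " in *svnserve*' -t '*) ;; *) problems="$problems not-svnserve-tunnel" ;; esac
        case $cmd in *--tunnel-user=?*) ;; *) problems="$problems no-tunnel-user" ;; esac
        ;;
      *) rest=$line; problems="$problems no-forced-command" ;;
    esac
    opts=,${rest%% *},                                  # option list before the key type
    for o in no-port-forwarding no-agent-forwarding no-X11-forwarding no-pty; do
      case $opts in *",$o,"*) ;; *) problems="$problems missing-$o" ;; esac
    done
    if [ -n "$problems" ]; then bad=$((bad + 1)); echo "$n:$problems"; fi
  done < "$1"
  [ "$bad" -eq 0 ]
}

# Constructed sample: line 1 follows this post, line 2 is a bare key,
# line 3 lacks --tunnel-user and no-pty. Key material is placeholder text.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="svnserve -t -r d:/svn_repos/ --tunnel-user=harry",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3EXAMPLEKEY1 harry
ssh-rsa AAAAB3EXAMPLEKEY2 sally
command="svnserve -t -r d:/svn_repos/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3EXAMPLEKEY3 tom
EOF
audit_authorized_keys "$sample" || echo "authorized_keys needs fixing"
```

Run it in the cygwin window against /home/svnuser/.ssh/authorized_keys after adding each user's key.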
Part 2: Client Setup
- Copy or download PuTTY and Pageant (from here) and place the EXEs in any folder (e.g. d:\_svnuse)
- Put the Putty private key (e.g. svnharrykey.ppk) into the same folder.
- Double-click on putty.exe to create a new session:
- Session:
- HostName: Username @ Hostname/IP of the server (e.g. svnuser@myhost.com)
- Protocol: SSH
- Saved Sessions: Any name (e.g. svnsession)
- Connection: SSH:
- Preferred SSH Protocol version: 2
- Go back to Session node, click save. Close the program.
- In the same folder, create a batch file named “runpageant.bat”, put the following line (replace with your paths and private key name):
start "Pageant" "d:\_svnuse\pageant.exe" d:\_svnuse\svnharrykey.ppk
- Create a shortcut of runpageant.bat and drag it into All Programs > Startup.
- When the runpageant.bat is executed, key in the passphrase when prompted.
- Accessing svn repository via TortoiseSvn:
- Using the address as below:
- svn+ssh://svnsession/Repo_ProjectName/Trunk