Subversion
From Apis Networks Wiki
Connecting remotely to your Subversion repositories requires a fair amount of setup, because the connection is tunneled through SSH to the server that hosts them.
Windows Setup
Required software
- Subversion client for Windows
  - Official Subversion client - text svn client
  or
  - TortoiseSVN - excellent graphical svn client
- SSH tools
  - putty.exe - GUI ssh client for Windows, useful for testing purposes
  - plink.exe - text ssh client for Windows, used to tunnel the ssh connection to the server
  - puttygen.exe - key generator for putty, used to convert your ssh private key into a key putty can use
  - pageant.exe (optional) - putty authentication agent, provides passwords for ssh key authentication
- Note: I had to drop plink.exe in the same directory where svn.exe lives. -- Chuck 01:46, 15 February 2007 (EST)
Creating your public and private key
- Use putty to ssh into your account.
- Once connected, you'll need to run: ssh-keygen -b 1024 -t dsa -f mykey
- After typing in the passphrase, this command will generate two files. One called mykey and the other called mykey.pub. mykey is the private key and mykey.pub is the public key.
- If you don't already have one, create a .ssh folder in your home directory: mkdir ~/.ssh
- If you don't already have any authorized keys configured for ssh, type: mv mykey.pub ~/.ssh/authorized_keys
- Retrieve the mykey private key file and put it somewhere on your local computer where you can find it again.
- Run puttygen.
- Click the Conversions menu item.
- Select Import key.
- Browse to the folder where you downloaded mykey and select it.
- puttygen will ask you for the passphrase, type it in.
- Once puttygen has processed the private key, click the Save private key button.
- Save the private key to a folder, preferably somewhere that no one else has access to if your computer is used by multiple people.
- Delete the old mykey you downloaded from the server.
With the public key on the server and your private key on your local computer, you're now ready to set up the putty SSH connection.
Configuring putty
Now you need to configure a connection for putty. Putty is quite an interesting and useful piece of software. All of the programs that use its libraries are integrated. If you set up a connection in the putty GUI client, plink, pageant and even TortoiseSVN will have access to these configurations by the configuration's name. This is quite useful for our purposes because you don't have to make configurations for each of these pieces of software for your ssh connection.
- Run putty
- When you first open up putty, you'll see its configuration screen.
- Type in your domain name or the hostname of the server your domain is hosted on.
- Find Connection in the tree on the left and click Data below it.
- On the right-hand side under Login details, type in the username you would like to log in as. Don't forget @domain-name.com.
- Find the SSH branch and pick Auth.
- Click the Browse button then browse to and pick your private key file that you saved in the previous section. This tells putty to attempt to connect to the hostname with this key before asking for the normal ssh password.
- Go to the Session branch at the very top of the tree.
- In the text box below Saved Sessions, type in a name for this connection and click the Save button.
You now have a putty connection that will attempt to use your private key to connect to the server. If you select the configuration you created and click the Open button in putty, putty will connect to the hostname and prompt you for the passphrase for your key. Note: This is NOT your login password to the server; it is the passphrase you typed in when you generated the public/private key.
Configuring pageant
The final piece of this puzzle is pageant. pageant is an authentication agent which basically stores the passphrase for a key, so when any program that uses the putty libraries tries to make a connection with a key stored in a configuration, it will automatically use the passphrase rather than make you type it in. This is vital for the official svn client or TortoiseSVN to connect through SSH. Without it, there is no prompt for the passphrase (TortoiseSVN prompts for a password but I don't think it's the passphrase; it doesn't do anything but ask over and over and break the repo-browser when you try to click Cancel). Without pageant the official svn client will stall and never complete the query. Configuring pageant is quite simple.
- Run pageant.
- pageant will put an icon in your system tray. Double-click the tray icon.
- Click the Add Key button and browse to the private key you saved to your local computer earlier.
- pageant will prompt you for the passphrase for this key.
- The key will now be listed in pageant's key list.
pageant is now configured and will use the passphrase for the key you added to the list whenever a connection uses that particular key, such as the connection we created in the section above. Note: pageant does not store key or passphrase information between program instances. If you restart your computer and run pageant again, the key list will be empty and you have to re-add your keys and re-type your passphrases for those keys.
TortoiseSVN
Your system is now ready to run TortoiseSVN. The official svn client needs a little more work to start functioning because you need to tell it how to use plink, the text ssh client. Read the next section on how to do this.
If you run the TortoiseSVN repo-browser and type: svn+ssh://[connection]/[path/to/repository] where [connection] is the connection you created in putty and [path/to/repository] is the path to the svn repository on the server, you should get a listing of your repository.
Note: Every time you use [path/to/repository] add in the full directory. e.g. My repo is under a user named code@hostname.com, therefore my full connection syntax w/ path is svn+ssh://[connection]/home/code/svn/repo -- Chuck 01:46, 15 February 2007 (EST)
Still getting pw prompts?: "You don't need your password if public keys are setup correctly. If you're getting a prompt every time, then check ~/.ssh/ permissions. The directory should be 0700 and files underneath 0600." (Quoting Matt from the forums)
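The permission check from the forum quote above, as an added example that is not part of the original wiki page: run on your shell account, audit_ssh_dir reports every path under ~/.ssh whose mode differs from the quoted 0700/0600, and fix_ssh_dir applies those modes. It assumes GNU stat (Linux); both function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the modes quoted on this page
# (directory 0700, files underneath 0600). Assumes GNU stat (Linux).
# Usage after sourcing this file:  audit_ssh_dir || fix_ssh_dir

# Print one line per path whose mode differs from the expected value.
# Returns 0 when everything matches, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" != "700" ]; then
        echo "$dir: mode $mode, expected 700"
        bad=1
    fi
    # Visit regular and hidden entries; skip symlinks and non-files.
    for f in "$dir"/* "$dir"/.[!.]*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue
        fi
        mode=$(stat -c '%a' "$f")
        if [ "$mode" != "600" ]; then
            echo "$f: mode $mode, expected 600"
            bad=1
        fi
    done
    return $bad
}

# Apply the quoted modes to the directory and the regular files in it.
fix_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    chmod 700 "$dir" || return 1
    find "$dir" -type f -exec chmod 600 {} +
}
```
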
Official svn client
The official svn client requires a little more configuration to be ready to run. The reason for this is that it doesn't use the putty library like TortoiseSVN does, so you have to tell it to use one of the putty tools, namely plink. plink is a text ssh client that you can run in a DOS window in Windows. It can use the same configuration names that you have created in the GUI ssh client. All you need to do is tell svn how.
- Open the Windows Registry Editor by typing: regedit in the Run dialog of the Windows Start menu.
- Once the Registry Editor is open, on the left hand side, choose either HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE. If you make these additions in HKEY_CURRENT_USER then they will only apply to the user you are logged in as. If you make them in HKEY_LOCAL_MACHINE, it will affect all users running Subversion.
- Expand the SOFTWARE branch.
- Expand the Tigris.org branch underneath SOFTWARE.
- Expand the Subversion branch underneath Tigris.org.
- Expand the Config branch underneath Subversion. If you do not have a Config branch yet, right-click on Subversion and highlight New and pick Key. Name the new key Config.
- Right-click on Config and highlight New and pick Key if you do not have a tunnels key, otherwise expand it.
- Make sure the tunnels key is highlighted on the left and then right-click in the white area on the right and pick New String Value. Name the new string value ssh. You can choose a different name if you like. This is the name you type in following svn+ in the repository URL. You'll need to create a separate value for each different private key you use.
- Right-click on ssh and pick Modify. Type in: plink -i [whole path to private key] where [whole path to private key] is the path to your private key for your connection. Also, make sure there is a space after the path to your private key. This is important because of the way that the official svn client calls this command. If you do not put a space, it will not function properly and will probably hang.
The official svn client is now ready to run. If you have the client in your path, you can open a DOS window and type: svn ls svn+ssh://[connection]/[path/to/repository] where [connection] is the connection you have set up in putty and [path/to/repository] is the path to the svn repository on the server. If all goes well, you'll get a listing of the files in your repository.
Note: When filling out the [whole path to private key] make sure to use " quotation marks around the pathname if it includes spaces. e.g. "C:\Documents and Settings\Administrator\Desktop\mykey.ppk" -- Chuck 01:46, 15 February 2007 (EST)
Linux Setup
The preferred way of connecting to your repository in Linux is over SSH. Before you can use the svn command with SSH, you'll need to set up a public key. This process is similar to Windows.
Creating a Key Pair
From your Linux terminal on your local machine, run ssh-keygen -t rsa to create a public/private key pair:
    [admin@mrchainsaw admin]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/admin/.ssh/id_rsa):
    Created directory '/home/admin/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/admin/.ssh/id_rsa.
    Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
    The key fingerprint is:
    12:34:56:78:90:ab:cd:ef:ff:ff:ff:ff:ff:ff:ff:ff admin@mrchainsaw
Now you have two files under /home/username/.ssh/, id_rsa and id_rsa.pub. Copy the contents of the id_rsa.pub key to your shell account on Apis Networks. Create a file named authorized_keys under $HOME/.ssh/. If this is your first time connecting via SSH, the directory doesn't exist yet. Let's make it:
    umask 077
    mkdir $HOME/.ssh/
    touch $HOME/.ssh/authorized_keys
Now paste the contents of id_rsa.pub into authorized_keys. Now you must set permissions for ~/.ssh/ and for authorized_keys. From your apis account: chmod 0700 ~/.ssh/ and then cd ~/.ssh/
