HomeGet HelpFAQSSH / SSL

SVN+SSH+public key authentication on Windows Box as server

This walkthrough on getting SVN+SSH up and running on a Windows Box was provided by Thorsten Möller
Thanks!

Hi all,

I just want to provide my solution to the community since I have found out that there might be many people struggling with the same issue.

  1. Server: Install Cygwin SSH daemon as described here: http://pigtail.net/LRP/printsrv/cygwin-sshd.html
  2. Install SVN on the server (as described in the Subversion doku)
  3. Server: Create an account (for instance "SVNuser") which you will later use for logging in. Check that the user permissions are sufficient to read and write your SVN repository directory on the server.
  4. Server (if not already done): Open Cygwin console and run mkpasswd -l > /etc/passwd
  5. Client: Download PuTTY and PuTTYgen (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
    and place it in a directory which is part of the PATH, for instance C:\Windows
  6. Client: Create a key pair with PuTTYgen an save the keys.
  7. Transfer the public key to the server file: /home/<svnuser>/.ssh/authorized_keys
  8. Create a PuTTY session for loggin in to the server as described here:
    Subversion / TortoiseSVN SSH HowTo.
    Do not forget to activate auto login, i.e. set the user name.
  9. Test whether you can log in to the server with the key.
    Server: If that works you might want to disable password authentication for SSH by editing /etc/sshd_config. Change/edit lines as follows (and restart SSH service afterwards):

    PubkeyAuthentication yes
    PasswordAuthentication no
    PermitEmptyPasswords no
    ChallengeResponseAuthentication no
  10. Server: Modify /home/<svnuser>/.ssh/authorized_keys as follows. Note that every user which is supposed to use SVN uses the same login but a different key, thus you have to add one line for every user/key.

    Note: This is all on one very long line.

    command="svnserve -t -r c:/mySVNroot/ --tunnel-user=<SVNuser>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa <thePublicKey> <publicKeyComment>

    The trick here is to use the slash instead of backslash to specifiy the SVN repository root:
    -r c:/mySVNroot.
    Another important thing is --tunnel-user=<SVNuser>.
    Since all users later will do a SSH login with the same login name (but different keys) you have to map each key to a SVN user - remember that SVN maintains its own users/userrights.

  11. Client: Access the repository with a URL like:

    svn+ssh://<PuTTYSessionName>/<MyRepository>/trunk

In various documentations and news group postings you will read that the URL has to contain the real path on the server. But this is not neccessary if the -r parameter was set correctly, see 10. I swear, for me it works fine :-)

Thorsten


‹ Subversion / TortoiseSVN SSH HowToupHow do I get client certificates to work? ›