SVN over SSH with multiple svn users and a single unix account without shell access (Windows client configuration)

Our goal in this three-part tutorial is to give multiple users access to an SVN server running a recent version of Ubuntu Linux through the SSH protocol. In SVN language, this combination of protocols is called svn+ssh. The straightforward way would be to create a unix user account for every SVN user and let them tunnel to the SVN server. However, giving all these users shell access to the server is a potential security issue and goes far beyond the initial purpose of just giving access to the SVN server. As a solution, we will create a single unix user account that is not allowed any shell access, and let the SVN users connect to the SVN server through this account.

This third and last part of the tutorial focuses on the configuration of a Windows client. The first part covered the server-side configuration, whereas the second part walked through the configuration of a Unix / Linux client.

Client-side configuration on Windows systems

As stated in the server-side configuration, the private key file id_rsa needs to be distributed to the user on the client side. He or she will use the private key to connect to the SVN server. As the private key is enough to establish the connection, it needs to be stored in a safe place on the computer (and may be additionally secured by a password, see ssh-keygen above).

On Windows, we will use PuTTY to establish the SSH connection and TortoiseSVN for the SVN connection on top of the SSH connection:

As a first step, we need to convert the private key from OpenSSH format to a format that PuTTY can read. To do this, start PuTTYgen (which comes with the PuTTY installer) and select from the menu

Conversions -> Import Key

Load the private key file id_rsa and then click the “Save private key” button in PuTTYgen’s main window. Choose a meaningful filename, for example id_rsa.ppk.
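Because possession of id_rsa.ppk is all a client needs, it is worth checking whether the converted file is passphrase-protected before it is stored or handed out. The following is an added example, not part of the original tutorial: it reads the plain-text header of a .ppk file, and the sample headers and the file path in the comment are constructed placeholders.

```python
import re

# Constructed sample headers (not real keys); key material lines are left out.
SAMPLE_PLAIN = (
    "PuTTY-User-Key-File-2: ssh-rsa\n"
    "Encryption: none\n"
    "Comment: imported-openssh-key\n"
    "Public-Lines: 6\n"
)
SAMPLE_ENCRYPTED = SAMPLE_PLAIN.replace("Encryption: none", "Encryption: aes256-cbc")


def audit_ppk(text):
    """Describe a .ppk key file; raise ValueError if the text is not one."""
    lines = text.splitlines()
    first = re.match(r"PuTTY-User-Key-File-(\d+): (\S+)$", lines[0]) if lines else None
    if first is None:
        raise ValueError("not a PuTTY key file (still in OpenSSH format?)")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(": ")
        if not sep or name == "Public-Lines":
            break  # the header fields of interest come before the key material
        headers[name] = value
    if "Encryption" not in headers:
        raise ValueError("missing Encryption header")
    cipher = headers["Encryption"]
    return {
        "format_version": int(first.group(1)),
        "algorithm": first.group(2),
        "comment": headers.get("Comment", ""),
        "cipher": cipher,
        "passphrase_protected": cipher != "none",
    }


def findings(text):
    """Return warnings for a key file that is about to be stored or distributed."""
    warnings = []
    if not audit_ppk(text)["passphrase_protected"]:
        warnings.append("key is stored unencrypted; set a passphrase in PuTTYgen")
    return warnings


if __name__ == "__main__":
    # To audit a real file (placeholder path): findings(open(r"C:\path\to\id_rsa.ppk").read())
    for sample in (SAMPLE_PLAIN, SAMPLE_ENCRYPTED):
        print(audit_ppk(sample)["cipher"], findings(sample))
```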

Now that we have the private key file in a format compatible with PuTTY, we configure a so-called PuTTY session that connects to the SSH/SVN server with the private key. This session will then be used by TortoiseSVN to automatically set up the SSH connection. Start PuTTY, enter the host name of the SSH/SVN server, in

Connection -> Data

enter the username sshsvn and in

Connection -> SSH -> Auth

provide the path to the private key file id_rsa.ppk. After you have completed the configuration, switch back to the first tab and store the configuration as a new session, which we will call svn_over_ssh here.

After storing the session, double-click it in the list. A terminal window will open and stop after displaying some messages. As expected, the connection is established with the provided private key, but it is not granted a shell (pty). Remember that we disabled shell access for user sshsvn. The last line is output from the SVN server.

Using username "sshsvn". 
Authenticating with public key "imported-openssh-key" 
Server refused to allocate pty 
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops atomic-revprops partial-replay ) ) )
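The last line of that output is the svnserve greeting, written in the list syntax of the svn wire protocol. The following added example (not from the original tutorial) parses it and checks that the login ended in svnserve without a pty; the field names min_ver, max_ver and mechs follow the Subversion protocol description, and the function names are chosen for this illustration.

```python
import re

# Terminal output as shown above in this tutorial.
TRANSCRIPT = """Using username "sshsvn".
Authenticating with public key "imported-openssh-key"
Server refused to allocate pty
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops atomic-revprops partial-replay ) ) )
"""

# One token of the svn wire syntax: "(", ")", a string length prefix "N:",
# a number, or a word.
TOKEN = re.compile(r"\s*(?:(\()|(\))|(\d+):|(\d+)|([A-Za-z][A-Za-z0-9-]*))")


def parse_item(data, pos=0):
    """Parse one item starting at pos; return (value, position after it)."""
    m = TOKEN.match(data, pos)
    if m is None:
        raise ValueError(f"unexpected input at offset {pos}")
    pos = m.end()
    if m.group(1) is not None:  # list: parse items until the matching ")"
        items = []
        while True:
            nxt = TOKEN.match(data, pos)
            if nxt is not None and nxt.group(2) is not None:
                return items, nxt.end()
            item, pos = parse_item(data, pos)
            items.append(item)
    if m.group(2) is not None:
        raise ValueError("unbalanced ')'")
    if m.group(3) is not None:  # string: exactly N characters follow the colon
        end = pos + int(m.group(3))
        return data[pos:end], end
    if m.group(4) is not None:
        return int(m.group(4)), pos
    return m.group(5), pos


def check_session(transcript):
    """Confirm the login ended in svnserve, not in a shell."""
    line = next((l for l in transcript.splitlines() if l.startswith("(")), None)
    if line is None:
        raise ValueError("no svnserve greeting found")
    status, (min_ver, max_ver, mechs, caps) = parse_item(line)[0]
    if status != "success":
        raise ValueError(f"server answered {status!r}")
    return {"pty_refused": "Server refused to allocate pty" in transcript,
            "min_version": min_ver, "max_version": max_ver, "capabilities": caps}
```

If the session ever shows a shell prompt instead of this greeting, check_session raises ValueError, which indicates that the restriction on the sshsvn account is not in effect.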

After closing the terminal window (and quitting PuTTY at the same time), start TortoiseSVN by right-clicking the Desktop and selecting

TortoiseSVN -> Repo-Browser

from the context menu. The syntax of the URL for the repository is

svn+ssh://PuTTY_SESSION_NAME/repo-path

so in our case reads

svn+ssh://svn_over_ssh/

Please note that, in contrast to the Linux client, there is no need for a trailing @ character to browse the root directory. Clicking the OK button will connect to the SVN server, and we are ready to work with the repository in TortoiseSVN.

Summary

We have seen how to connect from a Windows system to an SSH/SVN server with a private key for the SSH connection. Based on the matching public key, the server decides which SVN user account is used for the SVN connection.

Further Reading

Apart from the documentation of PuTTY and TortoiseSVN, the main source for this tutorial has been http://tipsandtricks.nogoodatcoding.com/2010/02/svnssh-with-tortoisesvn.html.

This is part three in a series of three tutorials:
