Geek Answers Handbook

Authentication with Subversion

I have an SVN server with which I am connecting with ssh+svn . When checking for a specific directory containing many svn:external repositories, I have to enter my password many times.

  • How to configure my Subversion client for automatic authentication?
  • Where is the documentation for this?
+6
authentication svn ssh
source share
3 answers

I do not know about the built-in SVN mechanism for automatic authentication of SSH. But you can use the public key authentication mechanism from SSH:

Here is a short tutorial on how to do this: http://www.petefreitag.com/item/532.cfm You can easily find additional information on the Internet about this.

Since this may be useful, here is a more detailed guide with information about agent forwarding: http://unixwiz.net/techtips/ssh-agent-forwarding.html

Some basics of public key authentication

Otherwise, the remote SSH server can authenticate you when you try to log in. The classic password is one of them. But you can also use a mechanism based on asynchronous keys.

You create a key pair on your local machine: private and public. Then you must distribute the public key to the entire remote SSH server on which you want to register. It is very important that the private key is never distributed.

When you try to enter the system, the remote server sends a call that is encrypted using the private key. If you are familiar with asynchronous cryptography, you know that only the public key can now decrypt the specified encrypted call. That way, when the server receives the response, it can decrypt it, and if the answer and the call are identical, you are authenticated.

You no longer need passwords for SVN operations or any other SSH connection on this remote computer.

Ssh agent

Another information about ssh-agent.

When you create your key pair, ssh-keygen will ask for a password to further encrypt the private key to increase its security. You can leave this password blank, so you will not need to enter a password when using the key.

However, if you choose a password, every time you want to use a key, you must enter a password that will be the same as using authentication using SSH. But there is a neat solution: ssh-agent.

An agent is a small daemon that will store your keys in memory. When you add the key to the agent using ssh-add, it will first ask you for your password, and then every time the SSH client needs a key, it will ask for the agent, so there will be no password anymore.

In my second link you will find information about agent forwarding, which is also a good reason to use ssh-agent.

I hope I understand, otherwise ask any questions you want.

+4
source share

SVN supports authentication persistence - which is useful to prevent authentication for each svn: external. See the config file and README.txt located in ~ / .subversion.

The first part of the configuration file should be the authentication section:

 ### Section for authentication and authorization customizations. [auth] ### Set store-passwords to 'no' to avoid storing passwords in the ### auth/ area of your config directory. It defaults to 'yes'. ### Note that this option only prevents saving of *new* passwords; ### it doesn't invalidate existing passwords. (To do that, remove ### the cache files by hand as described in the Subversion book.) store-passwords = yes ### Set store-auth-creds to 'no' to avoid storing any subversion ### credentials in the auth/ area of your config directory. ### It defaults to 'yes'. Note that this option only prevents ### saving of *new* credentials; it doesn't invalidate existing ### caches. (To do that, remove the cache files by hand.) # store-auth-creds = no

The keys seem to be stored in ~ / .subversion / auth (at least on Unix).

In my test, I was asked to authenticate the first time using svn: external as part of the trunk check. Subsequent svn updates for the trunk did not issue authentication for the external update.

Secondly, using ssh keys to navigate to your repo. This information is specific to SVN authentication only.

+2
source share

Yes, secondly, public key authentication is the way to go. If you are protecting your key with a passphrase, you want to use ssh-agent to store the key in a key fob on Linux or Putty on Windows. Otherwise, you still have to enter a passphrase.

0
source share

More articles:


All Articles