subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Multiple SSH key handling for svn+ssh access.
Date Mon, 12 Oct 2015 14:11:10 GMT
I've recently been dealing with some svn+ssh, and git, issues where
the user may have "ssh-agent" running, and thus have different sets of
SSH keys available, when connecting to the same upstream repository.
The result can be confusing if the ssh-agent has multiple keys loaded
with different privileges, and especially if there is a local SSH key
for a system user, and would record commits or changes with different
usernames. So, I thought I'd point out my workaround!!!

Pick an upstream repository server, using SSH, such as
svn+ssh://server.example.com/localhost/repo/trunk/. When checking out
the repository as user1, and to keep the access consistent, use a fake
hostname and put it in $HOME/.ssh/config file, and tie it to a locally
stored copy of a *passphrase protected* private SSH key.

         Host user1.server.example.com
                  Hostname server.example.com
                  IdentityFile $HOME/.ssh/id_server

Then check out or switch to the repository URL to use the fake servername:

         svn+ssh://user1-server.example.com/localhost/repo/trunk

Repeat as necessary to use other forced credentials.

This way, the particular working copy can be tied to a particular set
of credentials and access linked to those credentials, rather than to
other credentials that may be stored in an "ssh-agent" or perhaps in
the default "$HOME/.ssh/id_rsa".

The passphrase protection of the private SSH key is not mandatory,
especially for unattended automatic pulls of configuration files, but
it can help avoid some security problems.

Mime
View raw message