Setting up an SVN server for SSH access

This page describes how to set up an SVN server on a Unix-alike system, for access by yourself or by others via SSH using public keys. See also http://nedbatchelder.com/text/quicksvn.html for some introductory level instructions about Subversion servers, and this page for information on setting up clients in Windows.

Creating a Repository

I assume that you have command line versions of Subversion installed. This is also possible from GUI versions like TortoiseSVN, but since it's not something you'll do very frequently, command line should be fine.

  1. Choose a location for the repository

    You need to choose a directory on your disk which is safe from modification. You'll need to know this location when setting it up and when giving instructions to a user to check it out, but won't normally do much work here. Suppose the path is SVNPATH.

    Decide on a name for the repository. If it's only for yourself you can put all sorts of mixed things in different subdirectories of the same repository, but if it's being shared with someone else, it's easiest to set up a new repository for each project. Suppose we call it REPOS.

    Change directory to SVNPATH, and run

    svnadmin create REPOS
    

    That will create a subdirectory of SVNPATH called REPOS, and will populate it with various Subversion files. You almost never need to look there (except for advanced things like setting up commit hooks).

  2. Check out a copy using the file protocol. Switch to some other directory where you'd like a working copy, and run

    svn checkout file://SVNPATH/REPOS REPOS
    

    This will create a working copy in REPOS. (There may be some fiddling required to get the URL right. For example, the Windows directory d:\SVNPATH\REPOS would be file:///d:/SVNPATH/REPOS.)

  3. Create the directory structure you like in the working copy (e.g. the traditional trunk, tags, branches structure, or a different one), and commit it.

Checking out using SSH to your own account

If you have set up the repository as above on a Unix-alike server, and want to check out a working copy on another computer, you may use an SSH tunnel. Subversion makes numerous connections to the server, so you will likely want to set things up to use public key logins with an authentication agent like Pageant on Windows or ssh-agent on a Unix-alike.

This page describes setting up a Windows system as a client using Pageant.

With the authentication agent in place, you simply check out a working copy using the svn+ssh protocol, e.g.

    svn checkout svn+ssh://USERNAME@server/SVNPATH/REPOS REPOS

Note that in this case the SVNPATH needs to contain the full path to the repository starting from the root, e.g.

    svn checkout svn+ssh://dmurdoch@myserver.com/usr/home/dmurdoch/svnroot/trunk REPOS

Allowing other users to access the repository with SSH

If you want other users to access the repository using SSH, but don't want to give them full access to your account, then you can do it by setting up a dedicated command in your authorized_keys2 file. (This assumes you are using OpenSSH as your server.)

Suppose the user's public key in OpenSSH format is

    ssh-rsa AAAAB3NzaC1yc2EAAAA...

Then prefix it as follows in the authorized_keys2 file:

    command="/usr/bin/svnserve -t --tunnel-user=THEIRNAME --root=/SVNPATH/REPOS",no-port-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAA...

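This is one long line! I assume that svnserve is in /usr/bin; if not, use the right path here. The THEIRNAME given will be recorded if this user commits any changes to the repository. Because of the command= prefix, the server runs svnserve for every login with this key, whatever command the client asks for, and the no-port-forwarding, no-agent-forwarding and no-pty options switch off those SSH features for this key.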

The user will not need to know the SVNPATH; they will be sent directly to the repository. Their checkout URL should look like this:

    svn+ssh://USERNAME@server/path

For example,

    svn checkout svn+ssh://dmurdoch@myserver.com/trunk REPOS

would get them the same working copy as the checkout example above would get for me.
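
The authorized_keys2 entry described above can be generated and checked with a small script. This is an added example, not part of the original page: the function names svn_key_entry and svn_key_entry_ok, the character allow-lists and the sample key are assumptions made here, while the svnserve path and the three options are the ones the page uses.

```shell
# Added example: build and check authorized_keys2 entries for svnserve users.
# SVNSERVE and OPTS follow the page; function names are hypothetical.
SVNSERVE=/usr/bin/svnserve
OPTS=no-port-forwarding,no-agent-forwarding,no-pty
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed user@example'  # constructed

# svn_key_entry NAME REPO_ROOT PUBKEY_LINE
# Prints one authorized_keys2 line, or returns non-zero on unsafe input.
svn_key_entry() {
    name=$1 root=$2 key=$3
    # NAME and REPO_ROOT end up inside command="..."; allow only characters
    # that cannot close the quotes or add svnserve arguments.
    case $name in ''|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1;; esac
    case $root in /*) ;; *) echo "root must be absolute" >&2; return 1;; esac
    case $root in *[!A-Za-z0-9._/-]*) echo "bad root path" >&2; return 1;; esac
    # The key must be one line that starts with a key type, so the user
    # cannot supply options of their own in front of it.
    case $key in *"
"*) echo "key spans several lines" >&2; return 1;; esac
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare OpenSSH public key" >&2; return 1;;
    esac
    printf 'command="%s -t --tunnel-user=%s --root=%s",%s %s\n' \
        "$SVNSERVE" "$name" "$root" "$OPTS" "$key"
}

# svn_key_entry_ok LINE
# True only if LINE forces svnserve in tunnel mode and carries all three
# restrictions from the page. A bare key (full shell access) fails.
svn_key_entry_ok() {
    case $1 in command=\"*/svnserve\ -t\ *\",*) ;; *) return 1;; esac
    rest=${1#command=\"*\",}   # drop the forced command
    opts=${rest%% *}           # option list up to the key type
    for opt in no-port-forwarding no-agent-forwarding no-pty; do
        case ",$opts," in *",$opt,"*) ;; *) return 1;; esac
    done
}
```

Running `svn_key_entry THEIRNAME /SVNPATH/REPOS "$(cat their_key.pub)"` prints the line to append, and svn_key_entry_ok can be run over each existing line of the file to find keys that were added without the forced command.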