« SCRUM solo - still vapour... | Main | TortoiseSVN for Linux »
July 14, 2007
Multiple identity crisis - selecting a different identity when using ssh for different tasks to the same server
If, like me, you have to connect to a linux server to get a console and the same server to access subversion then you might hit a snag. Accessing the server as normal with ssh wll result in a console connection - but if you use the same identity it won't be possible to access subversion - and vice versa.
The key is to use the config file of your local ssh installation. I'll presume here that you have your ssh setup to allow you to connect to your server and use the console.
I'll describe how to setup a new identity that will allow you to connect to subversion using the same identity on your local machine. This is for a linux machine. If you use Windows the situation is much easier - just use puTTY and load up the public key files with your saved profiles.
It took me a while to figure out but its fairly straightforward when you get it all together.
From your local machine ssh into the server as normal. Then go to the .ssh folder in your home directory (it will be hidden normally - to see it in a listing type ls -la)
cd ~/.ssh
Then first off, generate a new rsa key:
ssh-keygen -f yournewidentity
Don't forget to add a passkey, and don't forget the passkey!
The you will need to add this to your authorized_keys file. Before you do that though, make a backup of your file:
cp authorized_keys authorized_keys_backup
ok, now you can mess up all you want and you will still be able to restore your file and log in normally
cat yournewidentity.pub >> authorized_keys
Now edit the file (you can also use vi, nano or whatever takes your fancy)
vim authorized_keys
you will see the contents of the public key file of your new identity at the bottom of the file. Copy and paste this at the start of the newly-cat'd public key file content (leaving a space between the end of the command below and the start of the public key file content. (You may need to remove the spaces after each comma - I had to put them in here to allow the full command display properly)
command="svnserve -t -r /path/to/your/svn/repository --tunnel-user=your_normal_console_login_username", no-port-forwarding, no-agent-forwarding, no-X11-forwarding, no-pty
All that should be on one line in your authorized_keys file with the contents of the public-key on the same line. Save the file and exit the editor.
What you have done is to tell the server that when you log in and provide it with the new key, it will open a pipe to svnserver instead of logging you in to the console. Sweet!
Nearly there now, we just have to configure your local machine. But first you will have to get the private key of your new identity from the server to your local machine - FTP is the obvious answer.
When you have copied the key to your machine you will have to change the permission of the file:
chmod 600 yournewidentity
Once you have copied over the private key, on your local machine, edit the ~/.ssh/config file.
Add the following:
Host dummy_subversion_hostname
HostName server_hostname_or_IP
IdentityFile ~/.ssh/yournewidentity
Port 22
The Port is only necessary if you have configured your SSH server to listen on a different port. Save and exit and you are nearly done!
Now try and connect to your subversion server
svn info svn+ssh://dummy_subversion_hostname
SSH should ask to store the host key and then you should be prompted for your passkey and then subversion should cough up some info.
You are done.
p.s. Another alternative, and probably safer, is to generate the keyfile on your local machine and then copy only the public key to your server, leaving the privte key file secure on your machine.
Posted by dottie at July 14, 2007 8:51 PM
Trackback Pings
TrackBack URL for this entry:
http://www.5thpercentile.com/blog/mt-tb.cgi/105