One requirement of that discussion was that you needed to be using key-based authentication for your SSH access. So what if you’re not using keys? This is exactly the situation that has arisen this week with adding a new project to CCNetLive . We want to build a new project, from a new Subversion server, using SSH and password-based authentication, without messing up the SSH configuration for the existing projects on the machine (so no project-specific machine-global settings are allowed.) So how to do this?
I went through various attempts at doing this before realising how easy Subversion makes it!
First of all, make sure your new SSH connection is working correctly. In Windows, this means using Putty to connect using your SSH user name and password, and saving the server’s key. This is a vital step otherwise your connection will hang later as in the background it will be asking you to confirm the identity of the server.
Next, find your user’s Subversion
config file. On Windows, this is normally in something like
C:\Windows\Documents And Settings\
\Application Data\Subversion\. Find the
[tunnels] section, and add a line something like:
myprojectssh = c:\tools\putty\plink.exe -l YourSSHUser -pw YourSSHPassword
myprojectssh is the name of your Subversion scheme and you can use this scheme instead of the normal
ssh scheme, so you would use a command something like
svn checkout svn+myprojectssh://mysvnhost.com/my/project/root . Notice you don’t need to re-specify your user name. Obviously, you should change
YourSSHPassword for your setup, as well as the location of plink. The double back-slashes are important – check the note that should be in your Subversion
config file for more details.
This Subversion scheme works because the whole
-l abc -pw xyz part gets passed through to Plink, and plink understands what
-pw mean. If your command line SSH client uses different parameters for users and passwords you should substitute them as necessary.
There’s a couple of things to note with all this. Firstly, your SSH credentials are being stored unencrypted in a text file on your machine, so you should make sure your Subversion
config file is secured somehow. It may be enough to make sure its only visible by the individual user, but you might also want to consider using an encrypted disk. Secondly, this solution should only be used where you can’t use SSH keys for some reason. Key-based SSH authentication is a far better option, security wise, than password-based authentication.