[Vormav]

Just a quick one to throw out there: Getting svn browsing for multiple users is easy enough on standard hosting. I already have that setup with websvn. But what options do I have if I want to be able to have other users both checkout from and commit to subversion? I can't exactly give them my ASO username and password.
Even if I could just have one or two extra usernames for svn access, that'd probably be enough. Just as long as I have some way of having other people perform commits without having to give out my aso user info.

[-ASO- BJ]

The only way to do that is via svn over SSH, and you can only have the one main SSH login.

[sinister.seraph]

This might not be exactly what you want, but perhaps it will be of some use. I've just discovered that svnserve has a means to allow users to access a respository using their own names, but sharing a single system account. To make this work, you will have to give each person your ASO username, you can at least keep your password secret.

SSH allows for public/private key authentication. This means that one can authenticate oneself by providing a keyfile (containing a private key) rather than with a (system) password. By creating a keypair for each developer, you can allow each to log in using their own 'identity' (represented by the keypair), even though they will all use the same system username.
Create the public/private keypair on the client system using the steps below. I've done this in Windows using Cygwin, so the Linux/BSD steps should be virtually identical.

CODE

$ cd .ssh
$ ssh-keygen -t dsa -f dev-dsa -P '' -C developer001

The -P '' indicates that no passphrase is required when connecting (note that the '' is two single quotes, not 1 double-quote). This whole process should work just as well with a passphrase, but I haven't tested that yet. The -C specifies a comment, which can be useful later if you need to recognize which keypair belongs to which user.
This command should produce 2 files: dev-dsa and dev-dsa.pub. dev-dsa.pub is the public part of the keypair, and this must be given to host.

Upload this file to your account. In your ASO account the directory ~/.ssh should already exist. Let the host know that it should use this public key to authenticate a connecting user by adding it to the authorized_keys file.

CODE

$ cat dev-dsa.pub >> .ssh/authorized_keys

Edit this file and you should see a line (assuming the file was empty, or didn't exist, before we added to it) of the form:

CODE

ssh-dss AAAAfjgheiADFJGailajief...SDFHERE= developer001

When a client connects and provides a keyfile, the host will try to match the private key in the keyfile to one of the public keys in authorized_keys. If it finds a match it will use that key to authenticate the user.

Normally, once the user is authenticated, svn (svn+ssh) requests that svnserve -t be started. You will need to override this default behaviour by changing authorized_keys to include the command that must be invoked when the user connects:

CODE

command="svnserve -t --tunnel-user=sinister.seraph -r /home/<username>" ssh-dss AAAAfjgheiADFJGailajief...SDFHERE= developer001

Please refer to svnserve ssh configuration tricks for more information on specifying the command, and in particular for options that restrict what the user can do (and hence make this more secure).
The --tunnel-user forces svnserve to record all transactions as for the named user, in this case "sinister.seraph". -r simply specifies the virtual root.

And that's it for the server configuration.

The client must now be configured to provide the keyfile as its identity when connecting. This is done by adding an entry to ~/.subversion/config. Under the [tunnels] section, add the following line:

CODE

ssh = ssh -i /full/path/to/dev-dsa

And you should now be able to access your repository:

CODE

$ svn import svn svn+ssh://<username>@<hostname>/svn -m ":: initial import"
stdin: is not a tty
Adding         svn/scratch
Adding         svn/scratch/foo.c

Committed revision 1.

$ svn co svn+ssh://<username>@<hostname>/svn
stdin: is not a tty
stdin: is not a tty
stdin: is not a tty
A    svn/scratch
A    svn/scratch/foo.c
Checked out revision 1.

$ cd svn/scratch

$ svn log
stdin: is not a tty
stdin: is not a tty
------------------------------------------------------------------------
r1 | sinister.seraph | 2007-08-10 12:34:00 +0530 (Fri, 10 Aug 2007) | 1 line

:: initial import
------------------------------------------------------------------------

My ASO username is not "sinister.seraph", but the commit is recorded as done by that user because of the --tunnel-user I gave to svnserve.

Everything is thanks to what others have posted elsewhere:

• svnserve ssh configuration tricks
• 'authorized_keys' configuration
• svn+ssh configuration

I hope this helps someone :]

[gary]

This is fantastic! Thanks for posting that!

If you're a TortoiseSVN user, I found some helpful info here on how to get this working on the client side with Tortoise:
http://www.logemann....ves/000099.html

Basically you just need to:
- import your private key file using puttygen
- run pageant and add your private key
- connect normally with Tortoise using the svn+ssh protocol

Cheers,
Gary