On Sat, Feb 11, 2012 at 9:27 PM, André Hänsel <an...@webkr.de> wrote: > Hi list, > > can I use svnserve in daemon mode (to take advantage of its authorization > mechanisms) and still have the client use an SSH tunnel (probably with > different credentials) to connect to it, so I only have to expose the SSH > port? > > I found a post at http://svn.haxx.se/users/archive-2004-12/1413.shtml > talking about something called "SVN over SSH" but it's not mentioning how to > set it up.
It's in the famous Subversion "Red Book", at http://svnbook.red-bean.com/. It works well: the only difficulty with it is managing the keys, which needs to be worked out thoughtfully as a matter of policy file management. The last example, the one that uses individual keys installed in an svn user account, forced commands, specific usernames tied to the keys with, and perhaps even the "--root" directove to provide simpler URL's is the one you want to use. I've been a strong proponent of it for years because it avoids Linux and UNIX clients for Subversion storing passwords in cleartext, as all such clients do by default for HTTP and HTTPS access. It also can avoid fascinating interactions with Apache setups. There are performance and configuration trade-offs, but I find it very usefl, especially if I need to publish a freely accessible version of the repository that can be just plain "http" accessed. This is how www.sourceforge.net does this.
