Adding a safe multi user subversion repository to a Host Monster account

This is an updated version of the guide, the original can be found here.

The key to this method working is that subversion contains a handy component called svnserve which allows it to be tunnelled through a ssh session that authenticates with a key that only allows access to a single command tailored to set the subversion username. ssh itself supports this out of the box by setting parameters in its authorized_keys file.

Server side installation

Here is a shell script that covers the steps I used to install subversion. I recommend you run it line by line and check for later versions but if you're feeling brave then just download it to your Host Monster account, making it executable and actually launching it by entering the following commands:

wget www.sharpstep.com/Articles/HostMonster-svn/svn-install.sh chmod a+x svn-install.sh ./svn-install.sh
Alternatively here it is:

You'll see that the end of this procedure I'm recommending downloading another small script I've written which will automate the process of creating a new key for a subversion user and adding that to the authorised list. If you want to do it by hand or want to add a pass phrase to the key or use a different encryption or whatever here's the code of the script:

Now this is set up you need to get your users to do a client install and send you the public key they've generated.

Client/user installation

Tortoise SVN (windows)

I've done this on vista and included screen shots of the whole process, I hope this helps.

Install Tortoise svn

Have your user create themselves a private key and configure Tortoise.

They should run puttygen available from the putty website.

It can be the default SSH2- RSA type of key.
I'd recommend no pass phrase - they can encode a pass phrase though if they want but they'll have to enter it lots or configure pagent.
The comment doesn't matter.
Once generated have them save and send you the public key.

The public key is the one that's highlighed in the screenshot. You can just copy and paste that into an e-mail to the server administrator.
If you are the server administrator you can register this key by pasting it into a ssh session.

They'll also want to save their private key somewhere on the machine by clicking Save private key.

Then if not using pagent they need to edit the subversion config file.

This can be done by right clicking in some empty folder space and selecting TortoiseSVN->Settings [ScreenShot].
Now you want to select the Edit button on the right. [ScreenShot]
Uncomment the line "[tunnels]" if it's commented by removing any leading #s.
Add the following line below it:
ssh-user = "C:/Program Files/TortoiseSVN/bin/TortoisePlink.exe" -noagent -i "[path to the private key just generated]".

Note that in the path to the private key they must use '/' as the path separator and not '\'.
Note that the name of the tunnel schema (ssh-user) can only contain certain characters.

Scheme names consist of a sequence of characters. The lower case letters "a"--"z", digits, and the characters plus ("+"), period ("."),and hyphen ("-") are allowed.
You may want to set up different schemes for different local copies of the repository to associate with different keys, thus allowing you to have different usernames in the repository for each local checkout.

Now the user can connect using Tortoise SVN.

Right click on some empty folder space and select TortoiseSVN->Repo-Browser. [ScreenShot]
To browse the repository enter the following URL: svn+ssh-user://[Host Monster username]@[Host Monster domain].

Note it's your (8 letter)user name that you would use for ssh access.
Also note if they're using pagent then they can just use svn+ssh://[your username]@[your Host Monster domain].

That's it, it should be working now!

You probably want to set up a basic Branch,Tags,Trunk folder structure and work inside the Trunk folder

Create the three root level folders. [ScreenShot]

Finally you'll want to check out your trunk folder so you can work locally. [ScreenShot 1] [ScreenShot 2]

Smart SVN (cross platform java)

Generate a key pair

Under windows:

They should run puttygen available from the putty website.

It can be the default SSH2- RSA type of key.
I'd recommend no pass phrase - they can encode a pass phrase though if they want but they'll have to enter it lots or configure pagent.
The comment doesn't matter.
Once generated have them save and send you the public key.
They'll also want to save their private key somewhere on the machine.

Under Linux:

TO-DO: document this - use ssh-keygen I'm sure though and then ssh to tunnel in the later steps

Download and install Smart SVN.

You'll need a Java runtime installed or on windows to get the package including it.
Under windows you'll need some way to tunnel the session:

plink from the putty website.
or TortoisePLink.exe which is installed as part of Tortoise svn.

Now start the client and select the Project->Check Out... option

Under the Repository drop down hit the Manage... button to set up the connection

Select the Tunnels tab to configure your tunnel.

Hit the Add button to add a new tunnel.

Name it anything you like.
The command should be your tunnel program:

Windows example: C:\Program Files\TortoiseSVN\bin\TortoisePlink.exe.
Linux example: ssh

The parameters should log you into the ssh session:

Windows example: -noagent -i "[path to putty private key]" ${user}@${host} ${svnserve}.

Note that in the path to the private key they must use '/' as the path separator and not '\'.

Linux example: -i "[path to ssh private key]" ${user}@${host} ${svnserve}.

Now go back to the Profiles tab.

Hit the Add button to add a new profile.

Select the SVN+SSH protocol.
Check Prepend SSH login name to host (user@host).
For the server name enter the Host Monster domain name.
For the repository path enter /

Hit the Next button.

For the login name enter the 8 Host Monster ssh login name (8 characters).
Check the Tunnel radio button.
Select the tunnel you set up above

Hit the Next button
Finally name your profile.
Now select the new profile and hit OK.

Hit the Next button and proceed to checking out the project.

Client/user installation

Xcode (OSX)

Have the latest version of XCode installed on your machine (3.1.1 at time of writing).

Create a public/private key pair

Open a terminal session (Utilities->Terminal)
type ssh-keygen and press enter

Enter a filename to save as (this will be in your home folder unless you've changed directory)
Enter a passphrase - I reccomend entering an empty one
Confirm the passphrase

now send the generated public key [yourkeyname].pub to the person administering the subversion repository

Setup a custom tunnel for subversion to use.

Ensure your ~/.subversion folder exists:
- From a terminal session (Utilities->Terminal) enter svn --version
Open the file ~/.subversion/config in an editor

Either use your favorite text edito.
or use Applications-TextEdit

To get to the correct folder press Shift-Command-G and then in the "Go To Folder" dialog enter ~/.subversion.
select the config file

Or Setup a the jEdit text editor to use from the terminal.

Find the section starting [tunnels]
Add the following line:

ssh-user = ssh -i [path to the private key just generated]

Note that the path to the private key must be the full path and not include ~ for the home directory.

Your home directory is /Users/[UserName]. If in doubt open a terminal and enter pwd to print it out.

Note that the name of the tunnel schema (ssh-user) can only contain certain characters.

Scheme names consist of a sequence of characters. The lower case letters "a"--"z", digits, and the characters plus ("+"), period ("."),and hyphen ("-") are allowed.
You may want to set up different schemes for different local copies of the repository to associate with different keys, thus allowing you to have different usernames in the repository for each local checkout.

Save the file and close your text editor

Open and browse the repository in XCode

Open XCode
Goto SCM->Configure SCM Repositories
Add a new repository (the small + button underneath the Repositories list

Enter a name for the reposoitory and set it to using Subversion as the SCM System then press OK
In the URL box enter svn+ssh-user://[ssh username]@[hostname]/

Your provider should give your the ssh username and hostname - the username is typically the first 8 characters of the hostname

Apply

- You should see the message "Testing Connection..."
- This should shortly be replaced with "Authenticated"
- If the connection fails for any reason then chech that the administrator has recieved your public key and authenticated it for you

You should now be able to browse the repository and checkout files to your local computer to work on them from the SCM->Repositories.

From here you're on your own, sadly documentation on XCode's subversion usage is sparse however I've found it reasonably painless

Adding a user to the server.

This is done by registering the public key your user will send you.
Upload it to the Host Monster server.

This can be done by using the echo command and pasting the key text then redirecting to a file:

echo [pasted key text] > FileName

Authenticate it only for a specific svn user with the command:
./create_svn_user.sh [new user name] [public key file].

References

Comments

I'd welcome any comments, problems with this method and whatever. If you have any, please add them to the blog post related to this article.