Setting Up a SVN Server Using SSH Certificates


A while back there was a need for one of my clients to manage some files between a team of their employees. They asked if I could set them up a secure location for the files to be stored in, as well as using an encrypted channel for moving the documents, and code they were writing, to and from the server. So I embarked on setting up an SVN server for them that would use SSH to encrypt the communications.

 

This should work on Debian 6 (Squeeze), though I actually built this on an Ubuntu 12.04 server. Theoretically, this should work on most versions of Ubuntu as well.
So if you need one, here's how I built mine:

sudo apt-get update && sudo apt-get dist-upgrade
sudo apt-get install subversion subversion-tools

Make sure to allow all dependencies to be installed, like Apache, etc…

Now we need to store our files somewhere

sudo mkdir /var/svn/
sudo mkdir /var/svn/{team-name}
#
# Replace {team-name} with whatever you'd like

Now that the software is installed, we need an SVN user account

sudo useradd svn -s /bin/false

 

Give your group ownership of the repos directory.

sudo chown -R svn:svn /var/svn/{team-name}/
sudo chmod -R 770 /var/svn/*

 

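Let's create a group for SVN (makes it easier to manage permissions for the repo). On Debian and Ubuntu, useradd normally creates a matching svn group along with the user, in which case this command just reports that the group already exists.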

sudo groupadd svn

 

If you need any people to use the SVN, now is the time to add them, though you can add them later too…
and we’ll add those people to the SVN group at the same time

sudo useradd -G svn -d /home/steve -m steve
sudo useradd -G svn -d /home/mike -m mike
sudo useradd -G svn -d /home/john -m john

 

If you have existing users, make sure to add them to the SVN group (if they need to be), replacing {username} with the account name

sudo usermod -a -G svn {username}

 

We’ll need to set some temporary passwords for our new users (do this for all newly added users, have them change this password later!)

sudo passwd john

 

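Now we can create the svn repository. Because svnadmin runs as root here, the files it creates are owned by root, so re-apply the ownership and permissions from above afterwards

sudo svnadmin create /var/svn/{team-name}/
sudo chown -R svn:svn /var/svn/{team-name}/ && sudo chmod -R 770 /var/svn/{team-name}/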

 

Now we can set up SSH keys on this system so that you can easily log in from your main Linux Desktop machine.

So on your local machine (NOT THE SERVER!), navigate to your home folder. From here, cd into your .ssh directory and we'll create your SSH key pair.

cd ~/.ssh/
ssh-keygen -t rsa
{save as default file, press enter}
{enter your own passphrase and hit enter}
{confirm your passphrase}

 

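Once this is done we'll set up your host with keys to stay authenticated (substitute the IP address 192.168.0.100 with the actual IP address of your server!)

# Create ~/.ssh on the server if it is missing, then append the public key
cat ~/.ssh/id_rsa.pub | ssh steve@192.168.0.100 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
# Start the agent in this shell (plain ssh-agent only prints its settings), then load the key
eval "$(ssh-agent)"
ssh-add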

 

And now you can test your new ssh keys by doing this:

ssh steve@{server-IP-Address}

 

That should’ve connected you without an issue. Type exit to quit
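The key appended above gives its owner a full shell on the server. One way to limit a key to Subversion traffic only is an authorized_keys entry that forces svnserve in tunnel mode; this is an added example, not part of the original post, and the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build an authorized_keys entry
# that only lets a key run Subversion's tunnel mode.

# OpenSSH options that block everything except the forced command.
SSH_RESTRICT='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# valid_pubkey LINE: succeeds only for "type base64 [comment]" with no
# options field in front of the key type.
valid_pubkey() {
    set -f; set -- $1; set +f        # split on whitespace, no globbing
    case "$1" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    [ -n "$2" ] || return 1
    case "$2" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # key blob must be plain base64
    esac
    return 0
}

# restricted_key_line USER PUBKEY_LINE: prints the restricted entry.
# svnserve -t is tunnel mode; --tunnel-user pins the commit author to USER.
restricted_key_line() {
    user=$1
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    valid_pubkey "$2" || { echo "bad public key" >&2; return 1; }
    set -f; set -- $2; set +f        # keep type and blob, drop the free-text comment
    printf 'command="svnserve -t --tunnel-user=%s",%s %s %s %s\n' \
        "$user" "$SSH_RESTRICT" "$1" "$2" "$user"
}

# Constructed sample line (not a real key). On the server, the output would be
# appended to the user's ~/.ssh/authorized_keys instead of the plain key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB steve@desktop'
restricted_key_line steve "$SAMPLE_KEY"
```

A key installed this way no longer opens a shell prompt when used with ssh, but svn+ssh checkouts and commits with it still work.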

 

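Now let's get the SVN Server actually serving data. Note that svn+ssh:// access does not go through this daemon: each svn+ssh connection starts its own svnserve over the SSH login. The daemon below listens on TCP port 3690 for plain svn:// connections, which are not protected by SSH, so keep that port firewalled if the team should only come in over SSH.

svnserve -d -r /var/svn/{team-name}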

 

Now let's set up the home directory for the svn local store on your local computer

cd ~
mkdir team-scripts   # or wherever you want this to be

 

Let's test to see if the Server will allow a checkout into that directory.

svn co svn+ssh://{server-IP-Address}/var/svn/{team-name}/ team-scripts/

 

 

IF YOU ARE USING A MAC COMPUTER, IN ORDER FOR YOUR MAC TO IMPORT OR ADD FILES TO THE REPO,

         YOU NEED TO RUN THIS COMMAND!!!

export SVN_EDITOR=nano

 

(Optional) To test that the server is working, make a file.

echo "testing svn repo" > grsscripts/stevetestsvn.txt
svn import -m "test svn+ssh" grsscripts/ svn+ssh://{server-IP-Address}/var/svn/grsscripts/

 

Now your local and server side repos are set up.
To update, issue this command:

svn update team-scripts/

 

To save any changes to files in the repo do this:

svn commit team-scripts/

# This will also work from any subfolder.
# So let's say you were in ~/team-scripts/building/stuff/
# you could just issue
svn update

To add new files and folders you could copy anything you want into your "~/team-scripts/" and issue

svn add team-scripts/{new-folder}
svn commit team-scripts/

 

YOU MUST RUN THE COMMIT COMMAND TO UPLOAD YOUR MODIFIED FILES TO THE REPOSITORY!

 

 

 

If you have any questions, comments or concerns, please contact me via LinkedIn.

 

Thanks! 🙂
