Source Control

ID #1056

How can I use multiple SVN-only users over SSH, without giving then shell access?

A SSH "tunnel" can be used to provide secure access to an SVN repository 
for multiple users via a single shell account without actually giving the
users "shell access" to the UNIX account.

Have each user create an SSH key pair (man ssh-keygen), and put their public key in
~/.ssh/authorized_keys with the special "command" option to automatically
turn the connection into an SVN tunnel with their username:

command="svnserve -t --tunnel-user username" ssh-rsa AOIDJFLKE70wks98rKJFl...

This is a feature of OpenSSH's sshd (see "man sshd") which tells the SSH
server to allow the key to be used for authentication without a password,
but instead of running a shell, run only the supplied command (regardless
of whether a command is passed in from the client). The command in this
case is "svnserver" with the "-t" argument to specify "tunnel mode" and
the "--tunnel-user" argument to specify the repository username for this

To access the repository with an SVN client (like TortoiseSVN), use a URL
of the form:


Have the users run "ssh-agent" (OpenSSH) or "pagent.exe" (part of the
Putty distribution for Windows), and load their private SSH key before
connecting to the SVN repository.

Please note that this technique requires that your shell account has write access to the repository. If you have a 'Managed Repository', this is not the case.

Categories for this entry

Tags: -

Related entries:

Last update: 2006-05-08 21:20
Author: Dave Steinberg
Revision: 1.0

Digg it! Print this record Send to a friend Show this as PDF file
Propose a translation for Propose a translation for
Please rate this entry:

Average rating: 0 out of 5 (0 Votes )

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry