Appendix G. Securing the Server with SSH
This section provides a step-by-step guide to setting up Subversion and TortoiseSVN to use the svn+ssh protocol. If you already use authenticated SSH connections to log in to your server, then you are already there and you can find more detail in the Subversion book. If you are not using SSH but would like to do so to protect your Subversion installation, this guide gives a simple method which does not involve creating a separate SSH user account on the server for every Subversion user.
In this implementation we create a single SSH user account for all Subversion users, and use different authentication keys to differentiate between the real Subversion users.
In this appendix we assume that you already have the Subversion tools installed, and that you have created a repository as detailed elsewhere in this manual. Note that you should not start svnserve as a service or daemon when it is used with SSH.
Much of the information here comes from a tutorial provided by Marc Logemann, which can be found at www.logemann.org. Additional information on setting up a Windows server was provided by Thorsten Müller. Thanks guys!
Configuring a Linux Server
You need to have SSH enabled on the server, and here we assume that you will be using OpenSSH. On most distributions this will already be installed. To find out, type:
ps xa | grep sshd
and look for ssh jobs.
One point to note is that if you build Subversion from source and do not provide any argument to ./configure, Subversion creates a bin directory under /usr/local and places its binaries there. If you want to use tunneling mode with SSH, you have to be aware that the user logging in via SSH needs to execute the svnserve program and some other binaries. For this reason, either place /usr/local/bin into the PATH variable or create symbolic links of your binaries to the /usr/sbin directory, or to any other directory which is commonly in the PATH.
To check that everything is OK, log in as the target user with SSH and type:
which svnserve
This command should tell you if svnserve is reachable.
Create a new user which we will use to access the svn repository:
useradd -m svnuser
Be sure to give this user full access rights to the repository.
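The two checks above (svnserve reachable through the PATH, and full repository access for the shared account) can be scripted. The following is an added example, not part of the original manual; the repository path and the PATH string are supplied by the caller, and treating "full access" as ownership plus owner read/write bits is an assumption:

```shell
#!/bin/sh
# Added example (not from the TortoiseSVN manual): pre-flight checks for the
# shared svn+ssh account. Account name, repository path and PATH string are
# supplied by the caller.

# Print the first executable named $1 found in the PATH-style string $2.
# Returns 1 if no directory in the string holds an executable of that name.
find_in_path() {
    prog=$1
    rest=$2:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        if [ -n "$dir" ] && [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ]; then
            printf '%s\n' "$dir/$prog"
            return 0
        fi
    done
    return 1
}

# Print every entry under repository $1 that user $2 does not own, that lacks
# owner read/write bits, or (for directories) that lacks owner search permission.
# Empty output means the account has full access to the whole tree.
repo_access_gaps() {
    find "$1" \( ! -user "$2" -o ! -perm -600 -o -type d ! -perm -700 \) -print
}

# Usage: sh preflight.sh --check svnuser /path/to/repo "$PATH_SEEN_OVER_SSH"
if [ "${1:-}" = "--check" ]; then
    find_in_path svnserve "$4" || echo "svnserve not found in: $4"
    gaps=$(repo_access_gaps "$3" "$2")
    [ -z "$gaps" ] || printf 'no full access for %s:\n%s\n' "$2" "$gaps"
fi
```

Pass the PATH that the account actually receives in an SSH session, not the PATH of the administrator's own shell.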