Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

grantm (164)

grantm
  (email not shown publicly)
http://www.mclean.net.nz/

Just a simple [cpan.org] guy, hacking Perl for fun and profit since way back in the last millenium. You may find me hanging around in the monestary [perlmonks.org].

What am I working on right now? Probably the Sprog project [sourceforge.net].

GnuPG key Fingerprint:
6CA8 2022 5006 70E9 2D66
AE3F 1AF1 A20A 4CC0 0851

Journal of grantm (164)

Thursday May 25, 2006
05:09 AM

SVN SSH Multi-hop Tunnelling

[ #29707 ]

I needed to access a Subversion repository on a server at work from home. All access to the repository is via SSH+svnserve - which is good because there are no Apache setup hassles and no extra authentication layer.

Unfortunately the SSH route from outside in involves landing on a bastion host in the DMZ and then logging on to a dual-homed proxy server and finally connecting to the server which hosts subversion. It's all passwordless since logins to the intermediate hosts are only possible if keys have been installed by the sysadmins. I have a shell alias that gets me onto the subversion server with agent forwarding as follows:

ssh -A bastion.example.com ssh -A proxy ssh svnserver

I thought it was going to be tricky to get subversion to work with a multihop SSH path and Google didn't seem to turn up anything particularly helpful. However, once I'd read the fine manual, it was not hard at all.

Step 1: Edit $HOME/.subversion/config, find the [tunnels] section and add a line like this:

workssh = /usr/bin/ssh -A bastion.example.com ssh -A proxy ssh svnserver

Step 2: Check out a working copy:

svn co svn+workssh:///path/to/svnrepos/proj/trunk proj

Done.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.