Subversion svn+ssh access and prohibit copying files from server via SSH - linux

System environment :
Server: Centos 6.2
Client: Windows + TortoiseSVN + putty
I have installed subversion in centos, created repository on server, and configured svn+ssh access way using key authentication. Everything works fine.
But I have a question about svn user using svn+ssh mode.
The svn user have a ssh key, so he can access subversion server and of course he can also access Centos server by SSH using the key authentication. Further, he can copy subversion repository files(Specifically /db files) from centos server using like WinSCP tool base on SSH.
So, I wanna know if there is a way that let the svn user just can access svn repository via svn+ssh and can't copy repository files from centos directly via ssh accessing?
If he can copy repository files from centos server via ssh, I think the svn access control realized by conf/authz file doesn't make any sense and svn repository isn't safe.
I just learn how to create a svn+ssh subversion server, so maybe my knowledge isn't enough, please give me a idea or just tell me whether a solution exists.
If can't prohibit copying files from Linux server via SSH, I will use svn or http(s) access mode.
Thank you!

I found a way to solve this problem.
add command into authorized_keys file to disable ssh shell login and scp, but enable svn+ssh, like this:
"/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding
after add your authorized_keys file will like this:
command="/usr/bin/svnserve -t -r /svn/test/",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa A......................................................................
I think this is one solution, do your have others? Please let me know.

Related

How to Manage git user?

I have a Plan , I am create some user on my server but I want give them restrict for access our Server like
that user can use git like (push,pull,clone,ect)
that user cannot login ssh
that user can be use sftp for manage project using ftp or sftp client, and cannot access(read,write,execute) filesystem directory . only project folder can they accesed.
I know git need ssh for do it git system.it's look weird question, it's possible using git like I mean ?
Well, you may use git-shell as a shell for git-only user (see man git-shell). Regarding sftp newer OpenSSH has ChrootDirectory directive, see http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP#Chrooted_SFTP-only_Accounts

Subversion over ssh - access to the remote repository on Linux from Windows host

I created a repository in Mandriva Linux and want to access it from Windows host.
mkdir /home/user/myrepo/
svnadmin create /home/user/myrepo/
To do this, i installed a client TortoiseSVN 1.7.9.
I set the path -
svn+ssh://user#ip/home/user/myrepo/
Where ip== ip of remote linux host.
I'm trying to do a review of the repository, but get an error -
Unable to connect to a repository at URL 'svn+ssh://user#ip/home/user/myrepo/' Can't create tunnel.
What could be the reason for the error?
You need to edit your configuration file (%appdata%\Subversion\config), there is a section called tunnels where you have an out commented line like this:
ssh = C:\\Program Files\\TortoiseSVN\\bin\\TortoisePlink.exe
If you use a key for authorization you can add this parameter for skipping the password entry part:
-i c:\\Path\\to\\putty-ssh-key.ppk

How to setup and clone a remote git repo on Windows?

Anybody know how to checkout, clone, or fetch project or code from a git remote repository on a Windows server?
Repository IP is: xxx.xx.xxx.xx, source file directory is c:\repos\project.git
I am used to the command line interface from a SUSE Linux terminal. I have tried the same kind of method but it always replies that
fatal: ''/repo/project.git'' does not appear to be a git repository
fatal: Could not read from remote repository..
Please make sure you have the correct access rights
Can anyone tell me how to setup and clone?
You have to set up some kind of sharing from the windows machine, that you can access with git. Git supports 3 access methods: ssh, remote filesystem or http. The last one is probably most complicated, so I won't detail it. The first two are:
Set up ssh server on windows.
You can try this guide: http://www.timdavis.com.au/git/setting-up-a-msysgit-server-with-copssh-on-windows/. See also this question for some more options.
Than you clone by git clone username#xxx.xx.xxx.xx:/c/git/path/to/repo (you will be asked for password).
Advantage of this method is that it's secure (connection is encrypted and ssh server is trustworthy), so you can use it over internet. Since git server is running on the windows machine during access, you can set up hooks for advanced security policy, controlling other processes and such.
Share the repository using windows sharing.
Than on the linux host, you need to mount the share with smbmount. That might require username and password, depending on how you set the permissions.
Than you clone by git clone /share/mountpoint/path/to/repo.
This is probably easier to set up, but it is not very secure, so it shouldn't be used outside local network. Also in this case hooks on the windows machine won't be executed (in fact git will try to execute them on the Linux machine, but they either won't run there or can be bypassed anyway), so you can't apply advanced security.
A particular file is not relevant, you need to give path to the directory containing .git subdirectory or to the directory that is a bare repository (path/to/repo above).
First of all, the git repository is just a bunch of files you need to access. You wrote about cloning and fetching repository, and this is easy part - you just need to access the files (and have read rights).
It can be done by direct access to filesystem, by http(s) protocol, or by ssh connection. Actually, there is even a way to do it by ftp server.
What you can do:
1) set the ssh server, then access the git files via ssh server - actually, the path you should use depends on the ssh server you use on windows: source
2) set the web server to access the file:
git clone http://host/path/to/repo
3) mount filesystem from windows on your linux machine and clone repo:
git clone /mnt/filesystem/path/to/repo
Despite the method you choose I suggest to consult the apropriate chapter from Pro Git Book

How can I get git to work with a remote server?

I am the CM person for a small company that just started using Git. We have two Git repositories currently hosted on a Windows box that is our all-purpose Windows server. But, we just set up a dedicated server for our CM software on an Ubuntu Linux server named "Callisto".
So I created a test Git repository on Callisto. I gave its directory all of the proper permissions recursively. I had the sysadmin create a login for me on Callisto, and I created a key to use for logging in via SSH. I set up my key to use a passphrase; I don't know if that could be contributing to my problems? Anyway, I know my SSH login works because I tested it through puTTY.
But, even after hours of trials and head scratching, I can't get my Windows Git bash (mSysGit) to talk to Callisto for the purposes of pushing or pulling Callisto's git repository files.
I keep getting "Fatal error. The remote end hung up unexpectedly." And I've even gotten the error that Git doesn't recognize the test repository on Callisto as a git repository. I read online that the "Fatal error...hung up unexpectedly" is usually a problem with the server connection or permissions. So what am I missing or overlooking here? And why doesn't a pull using the git:// protocol work, since that only uses read-only access? Group and public permissions for the git repository's directory on Callisto are set to read and execute, but not write.
If anyone could help, I would be so grateful. Thank you.
If you use putty/pageant, check if your host is in the know_hosts file in
docssettings/userdir/.ssh
If not, try putty first and accept the key your server provides.
Do you have similar lines in .git/config?
[remote "origin"]
url = ssh://user#server/.../repo.git
I have only passing familiarity with mSysGit, but I don't think it installs an ssh client. Without the ssh client, git cannot connect to the server. (This functionality isn't baked into git as per the Unix philosophy.) As for the git protocol, unless the server has that enabled, it won't work. Since it seems you have the server setup for ssh access, I doubt you'll get anywhere with the git protocol.
Anyway, I know my SSH login works
because I tested it through puTTY.
Have you confirmed that you can SSH to the server from your msysgit client?
i.e. what happens when you ssh user#callisto.com from the msysgit command line?
For further details about setting up your git server, you may want to review Pro Git: Chapter 4 "Git on the Server".
And why doesn't a pull using the
git:// protocol work, since that only
uses read-only access?
For the git protocol to work, you must setup the git daemon on your server as described in Chapter 4.9 of Pro Git.
You may also want to take a look at this answer to a related SO question. It has a more detailed checklist of things to consider.

Clone TFS-GIT repository to GIT repository (Linux) by using GIT

We have Redhat Linux server, GIT was already installed on this server and we need to create a local repository.
We have TFS-GIT project in TFS 2015, we need to clone the TFS-GIT repository to the GIT repository on Linux by using GIT commands.
For this task, we created a empty local repository on Linux, and configured the basic authentication and configured the SSL certification by using server manager.
Still getting "Fatal: authentication error" to connecting TFS-GIT repository on windows server 2012 . We tried in different ways but still we are getting same error.
Am using my basic credentials like which I used for server logins and I have only id and password for everything.
Is there any specific kind of passsord I need to use for this?
Please advise me on this
Thanks in advance
You have done all as it should be.
You need to copy your public key of the desired user to the Unix server as well so it will work.
How to setup ssh-key?
# generate the key (local machine)
ssh-keygen -t rsa
# copy the generated key to your unix machine (server)
# the key is in : %HOME%/.ssh/id_rsa.pub
# In widows its under your user account: Users/<user_name>
Other ways
If you have only username and password you might need to use http/https.
Read here how to set it up/

Resources