#87 svn + ssh agent proxy integrations

None
open
Dale Anson
None
5
2014-07-19
2008-07-07
No

The SVN plugin so far has treated me well when I only need anonymous access to servers. However, I have quite a few servers and projects that only accept SSH access, and for those I need to use svn+ssh from the commandline.

I note that the SSH plugin allows for use of ssh keys. Rather than duplicating this functionality in the SVN plugin, is there a possibility of "if SSH plugin is installed, enable SSH style logins"?

Or something that would enable the use of SSH keys for authentication?

Discussion

  • Logged In: YES
    user_id=1271235
    Originator: YES

    Heh, so totally didn't reread that to edit my thought process. :-) Basically, I'm requesting that the SVN plugin get SSH ability, including the ability to use SSH keys.

     
  • Dale Anson
    Dale Anson
    2008-07-08

    Logged In: YES
    user_id=187628
    Originator: NO

    Yeah, that's been on my list for the longest. It's not something I ever use, so it hasn't been high priority. I'll see if I can get it moved up the list.

     
  • Dale Anson
    Dale Anson
    2008-07-08

    • assigned_to: nobody --> daleanson
     
  • Dale Anson
    Dale Anson
    2008-07-08

    Logged In: YES
    user_id=187628
    Originator: NO

    Okay, so I mis-read the original request. The SVN Plugin does support svn+ssh, which is the part that is on my list to do but had never checked until tonight. You're asking that SSH keys be supported though, so I'll look into that as well.

    I'll update the docs, but to use svn+ssh, you have to set it up with an svn+ssh url. Go to the SVN Browser, then use the 'New' button to add a repository location. In the URL field, enter a url like "svn+ssh://hostname/path/to/repository". You'll have to enter a username and password until I figure out how to make it use your SSH key, but other than that, it should work fine.

     
  • Dale Anson
    Dale Anson
    2008-07-08

    Logged In: YES
    user_id=187628
    Originator: NO

    Here's a way to do it for now. I'll get a GUI dialog set up for this fairly soon.

    In a new buffer, enter these lines and edit as appropriate:

    System.setProperty("svnkit.ssh2.key", "/path/to/private/key/file");
    System.setProperty("svnkit.ssh2.username", "yourlocalusername");
    System.setProperty("svnkit.ssh2.password", "yourlocalpassword");

    If necessary, add these lines too:
    System.setProperty("svnkit.ssh2.passphrase", "optionalPassphrase");
    System.setProperty("svnkit.ssh2.port", "optionalPort");

    Select all the lines, then go to Utilities/Beanshell/Evaluate Selection.

    Now use the SVN Browser, add a new repository location with a svn+ssh url. Leave the username and password blank. You'll be able to browse the repository, do a check out, and all the other svn commands. The downside of this work=around is you'll have to do this each time you start jEdit until I get the GUI added to the plugin.

     
  • Logged In: YES
    user_id=1271235
    Originator: YES

    > Which recommends against using svn+ssh

    Interesting and thanks for finding that. I had not read that particular blurb. And heh. Recommend *heavily* against it more like it. They're reasoning makes sense, and for future projects that *I* set up, I'll keep that in mind. Thanks for that.

    From-the-department of unsolicited advice/suggestions: since at least one person missed that recommendation, and recognizing it really *isn't* jEdit's job, would a small note be useful when folks choose the svn+ssh:// url via your GUI? Perhaps point to the svnbook or something? Probably not since it's not jEdit's responsibility, but it's a thought, for those admins who also use jEdit. :-)

    > Here's a way to do it for now.

    In the mean time, I do have projects for which I'm *not* the admin and the only access the local administrators allow is through ssh, so I highly appreciate your workaround. Good stuff!

     
  • Dale Anson
    Dale Anson
    2008-07-08

    Logged In: YES
    user_id=187628
    Originator: NO

    I need a little help with this one. Considering these properties:

    System.setProperty("svnkit.ssh2.key", "/path/to/private/key/file");
    System.setProperty("svnkit.ssh2.username", "yourlocalusername");
    System.setProperty("svnkit.ssh2.password", "yourlocalpassword");
    System.setProperty("svnkit.ssh2.passphrase", "optionalPassphrase");
    System.setProperty("svnkit.ssh2.port", "optionalPort");

    I'm thinking that the port would be per project, where the rest are for the local machine.

    Does it seem reasonable that the plugin should provide text fields for the user to enter password and pass phrase? If not, when would be the right time to request those be entered by the user?

    I don't see any problem with the key path nor the username, it's the password and pass phrase that cause me some concern. Right now, the plugin does cache username and password (encrypted, of course) for the repositories, so maybe having the plugin cache local password and pass phrase is okay too?

     
  • Alan Ezust
    Alan Ezust
    2014-07-19

    Dale asks: "Does it seem reasonable that the plugin should provide text fields for the user to enter password and pass phrase? If not, when would be the right time to request those be entered by the user?"

    My answer: No. And those workarounds you have where the password is stored plaintext as a property are a bad idea. Please don't do that in any actual plugins.

    With proper agent integration, you won't need to ask the user for a password or passphrase, because the keys will be provided by the agent that is already running on the system.

     
  • Alan Ezust
    Alan Ezust
    2014-07-19

    • summary: svn + ssh agent integrations --> svn + ssh agent proxy integrations