One of the important aspects when I select a hosting provider is Subversion support. My previous hosting provider, DreamHost, had it, as does my current host, Mediatemple (I am using the (gs) – Grid Service option).
However, while DreamHost allowed access to the Subversion repository over the http protocol, Mediatemple is stricter: it requires svn+ssh (the svn protocol over ssh). Setting up this kind of access with the great Windows Subversion client, TortoiseSVN, proved to be a bit of a pain.
So, here is what helped me get it done.
Ingredients
I will assume the following data:
- your domain hosted with Mediatemple is yourdomain.com
- your admin account is serveradmin@yourdomain.com
- your domain account is 12345 (you can find the right number in MediaTemple Account Center -> Server Guide -> System Paths)
- you followed this Mediatemple kb article and created a repository named myrep
Software prerequisites are:
- TortoiseSVN
- PuTTY (take the Zip with all binaries)
Generating a public/private pair of keys
In order to access your Subversion repository over ssh, you need to create a pair of keys: a private and a public key, which will be used to authenticate access to the repository. The public key is stored on your host account, while the private key is your own, and you should take great care not to give anyone else access to it.
ssh to your host (you can use PuTTY for this) and make sure that you are in your .home directory (use the pwd command):
yourdomain.com@n10:~$ pwd
/home/12345/users/.home
yourdomain.com@n10:~$
Now, create your public/private keys by executing ssh-keygen -t dsa; you will get something like:
yourdomain.com@n10:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/12345/users/.home/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/12345/users/.home/.ssh/id_dsa.
Your public key has been saved in /home/12345/users/.home/.ssh/id_dsa.pub.
The key fingerprint is:
0b:34:9e:2d:b4:d8:b1:ca:f4:a0:06:91:7f:18:15:0e
You can safely press Enter on all three questions (file / passphrase / passphrase repeated).
The previous process will create two files, located here:
/home/12345/users/.home/.ssh/id_dsa – private key
/home/12345/users/.home/.ssh/id_dsa.pub – public key
Then download (you can use FTP) the file id_dsa to your computer (I will assume that you downloaded it into the folder C:\Users\Dejan\Documents\Keys) and DELETE it from the server:
yourdomain.com@n10:~$ cd .ssh
yourdomain.com@n10:~/.ssh$ rm id_dsa
While still in the shell window, rename the public key id_dsa.pub to authorized_keys:
yourdomain.com@n10:~/.ssh$ mv id_dsa.pub authorized_keys
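As a check on the state these steps should leave on the server, here is an added example (not part of the original post): a POSIX shell function that audits the .ssh directory for a private key left behind, an authorized_keys file writable by group or others, and DSA keys, which OpenSSH has disabled by default since version 7.0. The function names, finding labels and sample key material are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a server-side .ssh
# directory after the key setup above: prints one finding per line and
# returns 1 if anything was found, 0 if the directory is clean.
audit_ssh_dir() {
    dir=$1
    found=0
    # 1. The private key must not stay on the server after download.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
            echo "PRIVATE_KEY_ON_SERVER ${f##*/}"; found=1
        fi
    done
    ak=$dir/authorized_keys
    if [ ! -f "$ak" ]; then
        echo "NO_AUTHORIZED_KEYS"
        return 1
    fi
    # 2. Whoever can write authorized_keys can add a key of their own.
    #    Characters 6 and 9 of the ls mode string are group/other write.
    case $(ls -ld "$ak" | cut -c6,9) in
        *w*) echo "WRITABLE_BY_GROUP_OR_OTHERS authorized_keys"; found=1 ;;
    esac
    # 3. DSA ("ssh-dss") keys are disabled by default since OpenSSH 7.0.
    dss=$(awk '!/^[ \t]*#/ && /ssh-dss / { n++ } END { print n + 0 }' "$ak")
    if [ "$dss" -gt 0 ]; then
        echo "DEPRECATED_DSA_KEY count=$dss"; found=1
    fi
    return "$found"
}

# Constructed sample: the state left behind when the "rm id_dsa" step is
# skipped. The key material below is fake filler, not a real key.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'RkFLRQ==' \
        '-----END DSA PRIVATE KEY-----' > "$d/id_dsa"
    printf '%s\n' 'ssh-dss AAAAB3NzaFAKE yourdomain.com@n10' \
        > "$d/authorized_keys"
    chmod 600 "$d/id_dsa"
    chmod 644 "$d/authorized_keys"
    echo "$d"
}

# Usage: sh audit.sh /home/12345/users/.home/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```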
Converting private key to PuTTY format
One final step is converting the private key id_dsa to the .ppk format understood by PuTTY; navigate to the PuTTY folder, start PuTTYGEN.exe, and:
1. Load id_dsa into PuTTYGEN
2. Give it a comment so that you know the purpose of the key
3. Assign a strong key passphrase (more on this later on)
4. Save the private key as the file mt-svn.ppk
With or without passphrase?
Step 3 above has multiple implications for the rest of the process; if you choose to protect your private key with a passphrase, you will need to enter that passphrase at least when logging in to your computer, in order to “unlock” your private key.
If you decide not to have a passphrase, you won’t need to use Pageant or any other method for managing the key. However, this is basically like having heavy iron doors without a lock. I strongly suggest assigning a strong passphrase to your key.
Testing access
Now it is time to check that the keys are OK, access is OK, and everything works as expected. Open a CMD prompt, navigate to the PuTTY folder and execute the following:
PuTTY.exe -ssh -2 -i "C:\Users\Dejan\Documents\Keys\mt-svn.ppk" yourdomain.com
When prompted, enter ONLY your username (serveradmin@yourdomain.com) – you should be logged on to the Mediatemple server WITHOUT needing to enter a password. If that is not the case, one of the steps above was missed – check them again.
Configuring TortoiseSVN
OK, now it is time to configure TortoiseSVN to access the above repository. Right-click anywhere on empty space in Windows Explorer, and select TortoiseSVN -> Settings; navigate to the Network section and set up the SSH client as:
"C:\Program Files\TortoiseSVN\bin\TortoisePlink.exe" -i "C:\Users\Dejan\Documents\Keys\mt-svn.ppk"
Update 2009-11-08: Also, you can try this as well:
"C:\Program Files\TortoiseSVN\bin\TortoisePlink.exe" -i "C:\Users\Dejan\Documents\Keys\mt-svn.ppk" -P 22
(adding the port option, thanks to the comment by Didier)
(of course, this will vary depending on where you installed TortoiseSVN and on the location / name of your private key)
Why TortoisePlink when we were talking about PuTTY all the time? Well, TortoisePlink is just a custom version of PuTTY that is part of TortoiseSVN, and all of the above applies to it.
Browsing repository for the first time
Finally, let's test access to the repository; right-click anywhere on empty space in Windows Explorer, select TortoiseSVN -> Repo-browser and enter the URL:
svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep
You should be asked (twice) for your passphrase and, after a short time, be presented with your svn repository on Mediatemple.
Using Pageant for key store
The annoying part of ssh access is that every time you open a connection to the server (and that is basically ANY operation) you will be prompted for the passphrase; that is not a comfortable way of working 🙂
The solution to this is another PuTTY application – Pageant – an SSH authentication agent; it holds your private keys in memory, already decoded, so that you can use them often without needing to type a passphrase.
You can either start Pageant manually and press “Add Key” to import your private key, or you can make it part of the startup group, giving it the list of keys to be imported:
PageAnt.exe "C:\Users\Dejan\Documents\Keys\mt-svn.ppk"
In that case, you would be asked for the passphrase just once, when you log on.
Now you are good to go with TortoiseSVN on Windows and a Mediatemple Subversion repository using svn+ssh 🙂
Great tutorial. I followed it but it’s not working. It just keeps asking me for the passwords.
So I have a few questions:
1. Do I have to create the key from within PuTTY, or can I use puttygen.exe for this?
2. Do both files (private and public) need to reside in the /.home/.ssh folder?
3. Is it correct to use “serveradmin@yourdomain.com@yourdomain.com” in the path name?
1. Create keys on server, both public and private; use PuttyGen just to CONVERT (not create) PRIVATE one (id_dsa) to Putty format (mt-svn.ppk)
2. No. Leave JUST public key there, id_dsa.pub, renamed to authorized_keys
Also, verify that permission on this file is 606.
3. Yes, it is; there are other versions mentioned ( serveradmin%yourdomain.com@yourdomain.com ) but above works just fine for me.
What happened when you tested connection as suggested above?
Never mind. Delete this and my first comment. It all works. Not sure where it went wrong the first time.
Will leave it – it just gives more info for others 🙂 Space is cheap 🙂
Hi Dejan
Thanks for the time you have taken to publish this really helpful article.
I’m stuck on one thing
When I do pwd in the repository directory I get
/home/xxxxxx/users/.home/data/svn/prema
svn+ssh://serveradmin@domain.com@domain.com/home/65009/data/svn/prema
Doesn’t seem to work, nor with the full path indicated above
– Have created the public key / private key
– transferred private to MyDocs,
– Putty logs in from the command line as mentioned
Tortoise errors with
“Network Connection Closed Unexpectedly”
I’d be grateful for any tips !
Kind regards and thanks again
Mike
It is expected that pwd gives a different path – that is the internal {mt} path, which will get translated properly.
Two things:
– make sure that you have the latest TortoiseSVN; some older versions had problems with svn+ssh
– use the whole line from Settings / Network, copy it to the command prompt, append domain.com at the end and test; it should ask you for the username (enter serveradmin@domain.com) and, if all is OK, nothing else.
If it asks you for a password, then something is wrong with the key (check the path).
Hi Dejan !
Thanks very much for the explanation!
We will try again and see what happens and let you know
Thanks very much
Kind regards
Mike
We wrote a similar article for the DV 3.5 servers, enjoy : http://www.debuggeddesigns.com/blog/view/how-to-setup-a-subversion-svn-repo-on-a-media-temple-dv-3.5-server
Hi Dejan!
Is there any way not to use public and private keys?
I tried just to type “svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep” into the repo-browser field and I was asked for a username and password, but I couldn’t log in. If using keys is the only way, could you suggest how to use several accounts to access the repository? Should I create a few public/private key pairs?
I believe that over ssh you have to use public/private keys.
So, by analogy, try with different pairs of public/private keys, that should do the trick – I did not try myself that, to be honest.
Hi Dejan,
Thanks for the tutorial: helped me a whole lot to set up SVN with TortoiseSVN.
One complement though: on the very last version of TortoiseSVN, I had to add -P 22 on the TortoisePlink command line for Network > Settings. Else, TortoisePlink would default to port 0 instead of 22 and it wouldn’t work.
Maybe you should complete the tutorial on this part.
regards
didier
Thank you very much for addition. Will add in main article.
fyi
I had to change the svn repos directory when accessing it with TortoiseSVN:
instead of
svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep
I used
svn+ssh://serveradmin@yourdomain.com/home/12345/data/svn/myrep
Very well done, thanks!!
Hi,
Thanks for a great post. Everything worked for me but connecting with TortoiseSVN. I’m using WinXP and couldn’t connect with TortoiseSVN at all even though PuTTY was fine. The problem was due to not creating a new Saved Session. For some reason TortoiseSVN doesn’t like it if the “Default Settings” in PuTTY are not blank. I’ve blogged about this here: http://blog.sitedaniel.com/2010/01/tortoisesvn-putty-mediatemple-gridserver-winxp-set-up/
Cheers
Daniel, thanks for additional info.
The main thing that went wrong with me was when I passed the file name to putty.exe. It didn’t like the double quotes.
And gave the error:
“Unable to use key file “C:\Users\Dave\Documents\Keys\mt-svn.ppk” (unable to open file)”
putty.exe -ssh -2 -i C:\Users\Dave\Documents\Keys\mt-svn.ppk
Well, you are lucky because there is no space in your path so double quotes are not necessary.
I followed the steps but while browsing the repository for the first time I am getting the error “Network error: Connection time out”
Any suggestion please?
If you checked with PuTTY and all works fine, that leaves just a simple connectivity issue.
Do you maybe have a firewall / router with strict rules? I believe that for SSH you need to have traffic toward TCP/IP port 22 enabled.
I think that these instructions are not complete. Here’s the relevant TortoiseSVN documentation: https://tortoisesvn.net/ssh_howto.html
Note the additional server-side setup described under “Testing SSH with TortoiseSVN”.