One of important aspects when I am selecting hosting provider is subversion support. My previous host provider, DreamHost, had it, as well as my current host, Mediatemple (I am using (gs) – Grid Service option).
However, while DreamHost was allowing access to subversion repository over http protocol, Mediatemple is more strict: it requires to use svn+ssh (svn protocol over ssh). It proved that setting up this kind of access using great Windows subversion client, TortoiseSVN is a bit of a pain.
So, here is what helped me to get that done.
Ingredients
I will assume following data:
- your domain hosted with media temple is yourdomain.com
- your admin account is serveradmin@yourdomain.com
- your domain account is 12345 (you can find out right number in MediaTemple Account Center -> Server Guide -> System Paths)
- you followed this Mediatemple kb article and created repository named myrep
Software prerequisites are:
Generating public/private pair of keys
In order to access your subversion repository over ssh, you need to create pair of keys: private and public key which will be used for authentication of access to repository. Public key should be stored on your host account, while private key is your own and you should take great care not to give access to private key to anyone else.
Do ssh to your host (you can use PuTTY for this) and make sure that you are in your .home directory (use pwd
command):
yourdomain.com@n10:~$ pwd
/home/12345/users/.home
yourdomain.com@n10:~$
Now, create your public/private keys executing ssh-keygen -t dsa
; you will get something like:
yourdomain.com@n10:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/12345/users/.home/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/12345/users/.home/.ssh/id_dsa.
Your public key has been saved in /home/12345/users/.home/.ssh/id_dsa.pub.
The key fingerprint is:
0b:34:9e:2d:b4:d8:b1:ca:f4:a0:06:91:7f:18:15:0e
You can safely press Enter on all three questions (file / passphrase / passphrase repeated)
Previous process will create two files, located here:
/home/12345/users/.home/.ssh/id_dsa
– private key
/home/12345/users/.home/.ssh/id_dsa.pub
– public key
Than download (you can use FTP) file id_dsa to your computer (I will assume that you dowloaded into folder C:UsersDejanDocumentsKeys) and DELETE it from server:
yourdomain.comg@n10:~$ cd .ssh
yourdomain.com@n10:~/.ssh$ rm id_dsa
While still in shell window, rename public key id_dsa.pub to authorized_keys
:
yourdomain.comg@n10:~/.ssh$ mv id_dsa.pub authorized_keys
Converting private key to PuTTY format
One final step is converting private key id_dsa to .ppk format understandable by PuTTY; navigate to PuTTY folder and fire up PuTTYGEN.Exe, and:
- Load id_dsa to PuTTYGEN
- Give comment so that you know purpose of the key
- Assign strong key passphrase (more on this later on)
- Save private key as mt-svn.ppk file
With of without passphrase?
Step 3. above has multiple implications to the rest of the process; if you select to have passphrase to protect your private key, you will need to enter that passphrase at least when logging in computer, in order to “unlock” your private key.
If you decide not to have passphrase, you won’t need to use Pageant or any other method for managing key. However, this is basically as having heavy iron doors w/o lock. I strongly suggest to assign strong passphrase to your key.
Testing access
Now it is time to check if the keys are ok, access ok, and that everything works as expected. Use CMD prompt, navigate to PuTTY folder and execute following:
PuTTY.exe -ssh -2 -i “C:UsersDejanDocumentsKeysmt-svn.ppk” yourdomain.com
When prompted, enter ONLY your username ( serveradmin@yourdomain.com ) – you should be logged on Mediatemple server WITHOUT need to enter password. If that is not true, some of the steps above were missed – check above.
Configuring TortoiseSVN
Ok, now is time to configure TortoiseSVN to access above repositroy. Right click anywhere on empty space in Windows Explorer, and select TortoiseSVN -> Settings; navigate to Network section and setup SSH client as:
"C:Program FilesTortoiseSVNbinTortoisePlink.exe" -i "C:UsersDejanDocumentsKeysmt-svn.ppk"
Update 2009-11-08: Also, you can try this as well:
"C:Program FilesTortoiseSVNbinTortoisePlink.exe" -i "C:UsersDejanDocumentsKeysmt-svn.ppk" -P 22
(adding port command, thanks to comment by Didier)
(of course, this will vary depending where you installed TortoiseSVN and on location / name of your private key)
Why TortoisePlink when we were talking about PuTTY all the time? Well, TortoisePlink is just custom version of PuTTY, and it is part of TortoiseSVN and all above can be applied to it.
Browsing repository for the first time
Finally, lets test access to repository; right click anywhere on empty space in Windows Explorer, and select TortoiseSVN -> Repo-browser and enter URL:
svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep
You should be asked (twice) for your passphrase, and after short time, presented with your svn repository on Mediatemple.
Using Pageant for key store
Annoying part of ssh access is that every time you ask connection toward server (and that is basically ANY operation) you will be prompted for passphrase; that is not comfortable way of working 🙂
Solution to this is another PuTTY application – Pageant – SSH authentication agent; it holds your private keys in memory, already decoded, so that you can use them often without needing to type a passphrase.
You can either start Pageant manually, and press “Add Key” to import your private key, or you can make it part of the start up group, giving list of keys to be imported:
PageAnt.exe "C:UsersDejanDocumentsKeysmt-svn.ppk"
In that case, you would be asked just once when you log on for passphrase.
Now you are good to go with TortoiseSVN on Windows and Mediatemple subversion repository using svn+ssh 🙂