On Sat, Jun 11, 2011 at 8:27 AM, Nico Kadel-Garcia <nka...@gmail.com> wrote:
> On Fri, Jun 10, 2011 at 6:26 PM, Geoff Hoffman > <ghoff...@cardinalpath.com> wrote: > > I posted about this on the Ubuntu forums but thus far nobody has replied. > > When SSH'd into the box and using svn operations, I'm getting the > dastardly > > warning about my password is going to get stored to disk unencrypted. > > I read about Subversion 1.6 security changes. > > I read about Subversion 1.6 on Ubuntu Server over at superuser.com. > > I read about gnome-keyring over at stackoverflow. > > I've been doing a lot of reading on it. > > I have done the following: > > * installed gnome-keyring > > *edited my ~/.subversion/config to turn > > password-stores = gnome-keyring > > edited my ~/.subversion/servers to > > store-passwords = yes > > store-plaintext-passwords = no > > Thing is, I'm not using any GUI so it's still not working. Should I try > > encfs ? > > I read another post about a tool from CollabNet called keyring_tool but I > > don't have it on this system. Where do I get that? I've never run into > these > > issues before (new distro, new svn version). > > Any additional insight would be very much appreciated. > > I have *never* gotten the gnome keyrings working well with Subversion. > I'm afraid there are a lot of subtly distinct implementations of the > necessary toolchain out therem abd the lot of them tend to be pretty > fragile. > > Hmm. > Frankly, I find it more effective, and safer, to use SSH keys and a > key agent as necessary, with a key specifically dedicated to the SVN > access. This can be mandated with "SVN_SSH='ssh -l username -i > keyname'" to avoid using other keys. > I don't mind doing this, but is this something that goes in .bash_profile? And would I then use svn+ssh://localhost/svn/repo/etc instead of http://localhost/svn/repo/etc? > The stored SSH public keys on the remote server can even be set to > restrict access to only svnserve tunneling, even to read-only access. > Coupled with the kind of single svn user account setup described in > passing in the "Red Book", it's a better security model than giving > all SVN clients shell access to the server. >