Sorry for message without content, re-sending with content. > On Mon, Feb 22, 2021 at 3:25 PM Yasuhito FUTATSUKI
> > If you want to use ssh key other than default key or alternative tcp port > > other than 22, you can use them by overriding ssh tunnel setting with > > SVN_SSH > > environment variable or config file, etc. (Of course, if you want to use non > > standard port for ssh connection you also need to change configuration of > > sshd on server side). No. SSh keys without passphrases are much like Post-it notes with passwords on them, or stored passwords in Subversion. Tools that can write to a source control without anyone unlocking the key are quite dangerous. It's straightforward to use ssh-agent to unlock and store access to the key after a server is booted, but requiring a console to set up *once* and save long-term. The old "keychain" tool works quite well for this, and can enable ephemereal access to a live ssh-agent as needed. For automated build tools like Jenkins, they can even store the private key internally, encrypted with the SSH server's encryption, and restricted to certain Jenkins "folders" for project specific access. I use this approach regularly for Jenkins and source control. SSH access is also vulnerable to changing host keys in DHCP based environments. Do look up SSH hostkeys and the keyword "/dev/null" to find many notes about how to disable this, including ones I've been publishing for decades.
