Last Updated: 10 Jan 2011
Setting Up Subversion (SVN) with SSH (svn+ssh)
This is a quick guide on how to setup subversion using svn+ssh. svn+ssh lets us tunnel a subversion session over the secure SSH protocol, which means all data and passwords are encrypted. I like setting subversion up this way because:
- it authenticates against a real user account, so you don't have to maintain a seperate set of subversion logins and passwords.
- it is secure, so you don't have to worry about data or passwords being intercepted in transit.
This was done on CentOS, but the instructions apply to most any OS.
- Install Subversion. The mechanics of installing it vary OS by OS; see the 'Getting subversion' page for more. On CentOS, you'll do:
yum install subversion
- Create a Repository. This is where all your files will be stored. You can put this anywhere; I generally think
/var/svn/reposis a good place. Call your repo whatever you want; I used 'my_code':
mkdir /var/svn mkdir /var/svn/repos svnadmin create /var/svn/repos/my_code
- Setup a svn group. You'll need all your users to be members of the same group. I generally setup an
svngroup, and give access to anybody who needs to access subversion.
- Give your group ownership of the repos directory.
chown -R :svn /var/svn/repos/
- Set permissions on same.
chmod -R 775 /var/svn/repos/
- Setup a user for each person who needs svn access. See Adding a User & Groups in CentOS.
- Add those users to the
- Create a wrapper for
svnserveis the server component of subversion; when your subversion client connects via SSH, it spawns an instance of
svnserverunning under your user account. The problem here is the 'under your user account' part; that means it is running under your user account's permissions setup. By default, your permissions don't allow anyone else access to your files, and yet
svnserveis going to be writing files in the common user directory at
/var/svn/reposthat everyone needs write access to. Therefore, we can create a wrapper script that sets a
umaskfor group-writable peermissions right before svnserve is called:
#!/bin/sh # set the umask so files are group-wriable umask 002 # call the 'real' svnserve, also passing in the default repo location exec /usr/bin/svnserve "$@" -r /var/svn/repos
Save this somewhere, like
/var/svn/svnwrapper.sh. Make a symlink in
cd /usr/local/bin ln -s /var/svn/svnwrapper.sh svnserve chmod 755 /var/svn/svnwrapper.sh
Update 2 Dec 2010: Per the comments from Fred & Timothy Boronczyk, I now recommend that you put the symlink in
/usr/binas I originally recommended. This means you avoid having to move the original
/usr/bin. The above scripts have been updated to reflect this new approach.
- Import your initial directory set. Generally, you'll want a set of directories called 'trunk', 'tags' and 'branches' at the lowest level of your repository. To get this setup:
mkdir code mkdir code/trunk mkdir code/tags mkdir code/branches svn import code svn+ssh://USERNAME@SERVER/my_code -m 'inital import' rm -rf code
That's it. The server is now setup.
To checkout files, go to your local machine and issue a checkout command:
svn co svn+ssh://USERNAME@SERVER/my_code my_code_local_dir
In reality, you'll probably want to use a fancy graphical client like TortiseSVN (Windows) or Versions (OS X) to access your subversion server. Getting those setup is beyond the scope of this document, but there are many excellent tutorials.