First, a quick introduction to what's going on, if you haven't used SSH with keys before. The idea of using keys is to avoid using passwords - instead, your public key is on the server and when you connect, you identify yourself with your private key (which, as the name suggests, should only be available to you). You can read details of how it works and what it involves over at
http://sshkeychain.sourceforge.net/mirrors/SSH-with-Keys-HOWTO/SSH-with-Keys-HOWTO-3.html.
A. Get your public and private keys
- Login to the machine to which you’ll be connecting (the host where the SVN server is running).
- Generate a 1024-bit DSA key pair named mykey, secured by a passphrase, using the command ssh-keygen -b 1024 -t dsa -N passphrase -f mykey (replace passphrase with an actual passphrase of your choice – it needn’t be the same as your account password; in fact, it might make sense for it not to be).
- The files mykey and mykey.pub will be created – the private and public keys respectively.
- In your home directory, create a new directory named .ssh – and use the command chmod 700 .ssh to set the appropriate permissions on that folder.
- Copy the public key to this folder and rename it to authorized_keys (cp mykey.pub /home-directory/.ssh/authorized_keys) and then set the appropriate permissions (chmod 600 authorized_keys). In older implementations, authorized_keys2 was the name used for this file.
- Copy the private key (mykey) to the machine where you’ll make the connection (the client where TortoiseSVN will be used).
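The .ssh setup from the last steps of section A, as an added shell example (not from the original post): the hypothetical helpers install_pubkey and check_ssh_perms append the public key rather than replacing authorized_keys with cp, which would drop any keys already listed, and then confirm the 700 and 600 modes. The home directory is passed as an argument so it can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example; the function names are hypothetical, not part of OpenSSH.

# mode_of PATH -> prints the 10-character mode string, e.g. drwx------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the
# key unless that exact line is already present.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -s "$pubkey" ] || { echo "no public key at $pubkey" >&2; return 1; }

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string, -f patterns from file:
    # skip the append when the key is already listed
    if ! grep -qxFf "$pubkey" "$auth"; then
        cat "$pubkey" >> "$auth"
    fi
}

# check_ssh_perms HOME_DIR -> returns 0 only if both modes match section A
check_ssh_perms() {
    ssh_dir=$1/.ssh
    rc=0
    if [ "$(mode_of "$ssh_dir")" != "drwx------" ]; then
        echo "$ssh_dir: expected mode 700" >&2
        rc=1
    fi
    if [ "$(mode_of "$ssh_dir/authorized_keys")" != "-rw-------" ]; then
        echo "$ssh_dir/authorized_keys: expected mode 600" >&2
        rc=1
    fi
    return $rc
}

# Usage on the host: install_pubkey "$HOME" mykey.pub && check_ssh_perms "$HOME"
```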
B. Test the connection with PuTTY, PuTTYgen and Pageant
- The problem here is that the key generated on the host isn’t directly usable by PuTTY; it must be converted using PuTTYgen. Use Conversions > Import key to import your private key (mykey) and then Save private key as mykey.ppk (or whatever you prefer).
- In PuTTY, create a new session with mykey.ppk as the private key under SSH > Auth > Private key file for authentication.
- Try to connect – if you’ve not specified the username as part of the host name (in the form username@host), you’ll be prompted for the username but not for the password. You should see something like:
Using username "username".
Authenticating with public key "imported-openssh-key" from agent
Last login: Fri Feb 12 17:21:41 2010 from c-99-250-91-125.hmd2.ca.comcast.net
- Once you’ve verified that your key works, you can optionally use Pageant to hold your keys (perhaps for multiple user names) instead of specifying a key within the session details – choose Add Key, select the private key and specify the passphrase for it – the key should be added to your list.
- Try to connect via PuTTY, except this time, remove the private key from SSH > Auth > Private key file for authentication – PuTTY should then use the key details from Pageant.
To avoid having TortoiseSVN (or PuTTY) prompt you for the username when connecting, you can use the form username@host/repo-path to attempt the connection with the login username.
C. Connecting with TortoiseSVN
There are different ways to tell TortoiseSVN how to connect to your repository – by giving the name of the PuTTY connection you created above or by using Pageant; I used Pageant.
- Make sure you’ve got Pageant running and have imported the key as described above.
- The repository URL should be of the form svn+ssh://hostname/repo-path. For a PuTTY connection, the URL svn+ssh://PuTTY-Connection-Name/repo-path is supposed to be used.
- This should be enough to connect to the SVN server.
If you keep getting a dialog titled TortoisePlink that asks you to 'login as', then you're probably seeing the bug described at
http://old.nabble.com/Bug-with-TortoisePlink-td18812277.html. The workaround that the poster described is to clear the value for the registry key
HKEY_CURRENT_USER > Software > SimonTatham > Putty > Sessions > Default Settings > HostName.
Apparently if there is a hostname specified in the default connection in PuTTY, this problem manifests itself. Even if you don't see any value in the PuTTY interface, you should clear the key in the registry.
As always, be warned that editing the registry is fraught with danger, so back up and think twice before changing anything.
If you're not using keys, you'll probably see the dialogs asking for username and password pop up over and over - with the repository I'm connecting to, I have to authenticate thrice when I first try to browse the repository and subsequently, once more for every new directory I select. So it seems like a new connection is set up for every request but I'm not sure.
UPDATE [1630 18 Feb 2010]: I'd mixed up the permissions for the .ssh folder and the authorized_keys file. Also added some more information and a fix for the TortoisePlink 'login as' dialog.