LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-14-2017, 11:07 PM   #16
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled

Ah, now that makes sense. I was googling it earlier this evening, and I figured that it was done through ~/.ssh/config file, but I just wasn't sure how. I'm going to give it a try now.
 
Old 04-14-2017, 11:34 PM   #17
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,067
Blog Entries: 3

Rep: Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523
Ok. All your options are found in the manual page.

Code:
man ssh_config
You can do just about everything except -f and -N via the config file.
 
1 members found this post helpful.
Old 04-14-2017, 11:42 PM   #18
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
It connects!!!! Yay!

But...this penguin hates me. Now it says:
Quote:
Killed by signal 15.
svn: E170013: Unable to connect to a repository at URL 'svn+ssh://svn@svn_code/occo_repo'
svn: E210005: No repository found in 'svn+ssh://svn@svn_code/occo_repo'
Why little penguin? Why??? I created the repo. It has the files. Sigh... off to google again.

Edit: I checked the service and I'm fighting the following error:
Quote:
● svnserve.service - Subversion protocol daemon
Loaded: loaded (/usr/lib/systemd/system/svnserve.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2017-04-14 22:10:27 PDT; 6min ago
Process: 15384 ExecStart=/usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid $OPTIONS (code=exited, status=1/FAILURE)

Apr 14 22:10:27 systemd[1]: Starting Subversion protocol daemon...
Apr 14 22:10:27 svnserve[15384]: svnserve: E200009: Root path '/var/svn' does not exist or is not a directory
Apr 14 22:10:27 systemd[1]: svnserve.service: Control process exited, code=exited status=1
Apr 14 22:10:27 systemd[1]: Failed to start Subversion protocol daemon.
Apr 14 22:10:27 systemd[1]: svnserve.service: Unit entered failed state.
Apr 14 22:10:27 systemd[1]: svnserve.service: Failed with result 'exit-code'.
Looks like the problem is the subversion config for the root path.

Last edited by rachaelw; 04-15-2017 at 01:09 AM.
 
Old 04-15-2017, 01:09 AM   #19
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
The first time I setup subversion I created the repository at /var/svn/occo_repo. When I removed everything I deleted that folder. Apparently it is still looking for /var/svn. So I created a new repository in /var/svn and restarted the svnserve.service. That actually worked in getting the service running again. Yay! But...it still doesn't see the new repository. I tried chmod 777 -R /var/svn to flush out if it is a permissions issue, but no dice. I am going to try again tomorrow.
 
Old 04-21-2017, 04:05 PM   #20
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
I started looking at this again a couple of days ago. I re-read chapter 6 of the svn book regarding server setup and ssh configuration, but I honestly can't find an answer. This has to be something insanely simple that I'm missing. Here's what I've got:

1. svnadmin info sees the repository in /var/svn/occo_code_repo:
Code:
[svn@zdt bin]# svnadmin info /var/svn/occo_code_repo
Path: /var/svn/occo_code_repo
UUID: 9195e702-5edb-43b3-b99b-...
Repository Format: 5
Compatible With Version: 1.9.0
Repository Capability: mergeinfo
Filesystem Type: fsfs
Filesystem Format: 7
FSFS Sharded: yes
FSFS Shard Size: 1000
FSFS Shards Packed: 0/0
FSFS Logical Addressing: yes
Configuration File: /var/svn/occo_code_repo/db/fsfs.conf
2. ssh connects correctly to the host, svn_code, created in /home/svn/.ssh/config . Here is the file:
Code:
[svn@zdt svn]$ cat /home/svn/.ssh/config
Host svn_code SVN_CODE
HostName 192.168.<redacted>
User svn
IdentityFile /home/svn/.ssh/svn_private
3. svn list does not find the repository using the svn+ssh URL. I tried using just svn_code/occo_code_repo as well.
Code:
[svn@zdt svn]$ svn list svn+ssh://svn_code/var/svn/occo_code_repo
Killed by signal 15.
svn: E170013: Unable to connect to a repository at URL 'svn+ssh://svn_code/var/svn/occo_code_repo'
svn: E210005: No repository found in 'svn+ssh://svn_code/var/svn/occo_code_repo'
[svn@ZDT svn]$
4. My subversion config file is located in /root/.subversion/config . I wonder if this file is in the wrong location. Anyway, here is the config file.
Code:
 [root@zdt .subversion]# cat config
### This file configures various client-side behaviors.
###
### The commented-out examples below are intended to demonstrate
### how to use this file.

### Section for authentication and authorization customizations.
[auth]
### Set password stores used by Subversion. They should be
### delimited by spaces or commas. The order of values determines
### the order in which password stores are used.
### Valid password stores:
###   gnome-keyring        (Unix-like systems)
###   kwallet              (Unix-like systems)
###   gpg-agent            (Unix-like systems)
###   keychain             (Mac OS X)
###   windows-cryptoapi    (Windows)
# password-stores = gpg-agent,gnome-keyring,kwallet
### To disable all password stores, use an empty list:
# password-stores =
###
### Set KWallet wallet used by Subversion. If empty or unset,
### then the default network wallet will be used.
# kwallet-wallet =
###
### Include PID (Process ID) in Subversion application name when
### using KWallet. It defaults to 'no'.
# kwallet-svn-application-name-with-pid = yes
###
### Set ssl-client-cert-file-prompt to 'yes' to cause the client
### to prompt for a path to a client cert file when the server
### requests a client cert but no client cert file is found in the
### expected place (see the 'ssl-client-cert-file' option in the
### 'servers' configuration file). Defaults to 'no'.
# ssl-client-cert-file-prompt = no
###
### The rest of the [auth] section in this file has been deprecated.
### Both 'store-passwords' and 'store-auth-creds' can now be
### specified in the 'servers' file in your config directory
### and are documented there. Anything specified in this section 
### is overridden by settings specified in the 'servers' file.
# store-passwords = no
# store-auth-creds = no

### Section for configuring external helper applications.
[helpers]
### Set editor-cmd to the command used to invoke your text editor.
###   This will override the environment variables that Subversion
###   examines by default to find this information ($EDITOR, 
###   et al).
# editor-cmd = editor (vi, emacs, notepad, etc.)
### Set diff-cmd to the absolute path of your 'diff' program.
###   This will override the compile-time default, which is to use
###   Subversion's internal diff implementation.
# diff-cmd = diff_program (diff, gdiff, etc.)
### Diff-extensions are arguments passed to an external diff
### program or to Subversion's internal diff implementation.
### Set diff-extensions to override the default arguments ('-u').
# diff-extensions = -u -p
### Set diff3-cmd to the absolute path of your 'diff3' program.
###   This will override the compile-time default, which is to use
###   Subversion's internal diff3 implementation.
# diff3-cmd = diff3_program (diff3, gdiff3, etc.)
### Set diff3-has-program-arg to 'yes' if your 'diff3' program
###   accepts the '--diff-program' option.
# diff3-has-program-arg = [yes | no]
### Set merge-tool-cmd to the command used to invoke your external
### merging tool of choice. Subversion will pass 5 arguments to
### the specified command: base theirs mine merged wcfile
# merge-tool-cmd = merge_command

### Section for configuring tunnel agents.
[tunnels]
### Configure svn protocol tunnel schemes here.  By default, only
### the 'ssh' scheme is defined.  You can define other schemes to
### be used with 'svn+scheme://hostname/path' URLs.  A scheme
### definition is simply a command, optionally prefixed by an
### environment variable name which can override the command if it
### is defined.  The command (or environment variable) may contain
### arguments, using standard shell quoting for arguments with
### spaces.  The command will be invoked as:
###   <command> <hostname> svnserve -t
### (If the URL includes a username, then the hostname will be
### passed to the tunnel agent as <user>@<hostname>.)  If the
### built-in ssh scheme were not predefined, it could be defined
### as:
ssh = $SVN_SSH ssh -q
### If you wanted to define a new 'rsh' scheme, to be used with
### 'svn+rsh:' URLs, you could do so as follows:
# rsh = rsh
### Or, if you wanted to specify a full path and arguments:
# rsh = /path/to/rsh -l myusername
### On Windows, if you are specifying a full path to a command,
### use a forward slash (/) or a paired backslash (\\) as the
### path separator.  A single backslash will be treated as an
### escape for the following character.

### Section for configuring miscellaneous Subversion options.
[miscellany]
### Set global-ignores to a set of whitespace-delimited globs
### which Subversion will ignore in its 'status' output, and
### while importing or adding files and directories.
### '*' matches leading dots, e.g. '*.rej' matches '.foo.rej'.
# global-ignores = *.o *.lo *.la *.al .libs *.so *.so.[0-9]* *.a *.pyc *.pyo __pycache__
#   *.rej *~ #*# .#* .*.swp .DS_Store [Tt]humbs.db
### Set log-encoding to the default encoding for log messages
# log-encoding = latin1
### Set use-commit-times to make checkout/update/switch/revert
### put last-committed timestamps on every file touched.
# use-commit-times = yes
### Set no-unlock to prevent 'svn commit' from automatically
### releasing locks on files.
# no-unlock = yes
### Set mime-types-file to a MIME type registry file, used to
### provide hints to Subversion's MIME type auto-detection
### algorithm.
# mime-types-file = /path/to/mime.types
### Set preserved-conflict-file-exts to a whitespace-delimited
### list of patterns matching file extensions which should be
### preserved in generated conflict file names.  By default,
### conflict files use custom extensions.
# preserved-conflict-file-exts = doc ppt xls od?
### Set enable-auto-props to 'yes' to enable automatic properties
### for 'svn add' and 'svn import', it defaults to 'no'.
### Automatic properties are defined in the section 'auto-props'.
# enable-auto-props = yes
### Set enable-magic-file to 'no' to disable magic file detection
### of the file type when automatically setting svn:mime-type. It
### defaults to 'yes' if magic file support is possible.
# enable-magic-file = yes
### Set interactive-conflicts to 'no' to disable interactive
### conflict resolution prompting.  It defaults to 'yes'.
# interactive-conflicts = no
### Set memory-cache-size to define the size of the memory cache
### used by the client when accessing a FSFS repository via
### ra_local (the file:// scheme). The value represents the number
### of MB used by the cache.
# memory-cache-size = 16
### Set diff-ignore-content-type to 'yes' to cause 'svn diff' to
### attempt to show differences of all modified files regardless
### of their MIME content type.  By default, Subversion will only
### attempt to show differences for files believed to have human-
### readable (non-binary) content.  This option is especially
### useful when Subversion is configured (via the 'diff-cmd'
### option) to employ an external differencing tool which is able
### to show meaningful differences for binary file formats.  [New
### in 1.9]
# diff-ignore-content-type = no

### Section for configuring automatic properties.
[auto-props]
### The format of the entries is:
###   file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?').  All entries which match (case-insensitively) will be
### applied to the file.  Note that auto-props functionality
### must be enabled, which is typically done by setting the
### 'enable-auto-props' option.
# *.c = svn:eol-style=native
# *.cpp = svn:eol-style=native
# *.h = svn:keywords=Author Date Id Rev URL;svn:eol-style=native
# *.dsp = svn:eol-style=CRLF
# *.dsw = svn:eol-style=CRLF
# *.sh = svn:eol-style=native;svn:executable
# *.txt = svn:eol-style=native;svn:keywords=Author Date Id Rev URL;
# *.png = svn:mime-type=image/png
# *.jpg = svn:mime-type=image/jpeg
# Makefile = svn:eol-style=native

### Section for configuring working copies.
[working-copy]
### Set to a list of the names of specific clients that should use
### exclusive SQLite locking of working copies.  This increases the
### performance of the client but prevents concurrent access by
### other clients.  Third-party clients may also support this
### option.
### Possible values:
###   svn                (the command line client)
# exclusive-locking-clients =
### Set to true to enable exclusive SQLite locking of working
### copies by all clients using the 1.8 APIs.  Enabling this may
### cause some clients to fail to work properly. This does not have
### to be set for exclusive-locking-clients to work.
# exclusive-locking = false
### Set the SQLite busy timeout in milliseconds: the maximum time
### the client waits to get access to the SQLite database before
### returning an error.  The default is 10000, i.e. 10 seconds.
### Longer values may be useful when exclusive locking is enabled.
# busy-timeout = 10000

5. I don't think that it is the sshd config, but here is /etc/ssh/sshd_config
Code:
 cat sshd_config
#	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
ListenAddress 192.168.<redacted> 
ListenAddress 127.0.0.1

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes
RSAAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	%h/.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

AllowGroups wheel svngroup
AllowUsers rw svn
MaxAuthTries 2

Last edited by rachaelw; 04-21-2017 at 04:07 PM.
 
Old 04-21-2017, 10:44 PM   #21
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,067
Blog Entries: 3

Rep: Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523
Quote:
Originally Posted by rachaelw View Post
1. svnadmin info sees the repository in /var/svn/occo_code_repo:
Is this repository over on the machine HostName 192.168.<redacted> ?

Quote:
Originally Posted by rachaelw View Post
2. ssh connects correctly to the host, svn_code, created in /home/svn/.ssh/config .
Great. This is from the client machine, I expect.

Quote:
Originally Posted by rachaelw View Post
3. svn list does not find the repository using the svn+ssh URL.
What was the answer to question 1 above?

Quote:
Originally Posted by rachaelw View Post
4. My subversion config file is located in /root/.subversion/config . I wonder if this file is in the wrong location.
Probably. Nothing here requires or should use root.

Quote:
Originally Posted by rachaelw View Post
5. I don't think that it is the sshd config, but here is /etc/ssh/sshd_config
Looks fine and the proof of the pudding is that you can log in. However, you are using both AllowGroups and AllowUsers. Only one or the other is really needed. I'd stick with AllowGroups only.
 
Old 04-22-2017, 10:37 PM   #22
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
Yes, the repository is located on 192.168.<redacted> in /var/svn.

I am initially trying to test this just from the server console itself using the URL instead of the path. Once I get this working there, then I will try to connect from my Ubuntu client.

The answer to 1. above is just that the svnadmin info command finds the path and other info for my repository, which I assume means that I created the repository directly and that the cause of my problems is related to the URL instead of some SVN config issue. Maybe?

I will try moving the subversion config file to /home/svn/.subversion/config.

Okay, thank you. I didn't know that. I will take out the AllowUsers.
 
Old 04-23-2017, 12:20 AM   #23
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
Success!!! Yay! I've finally, finally gotten it to work! I'm so happy! I know it just took me forever to complete a task which an Linux admin could probably have done in less than thirty minutes, but it still feels pretty good.

I followed your advice and here is what I did:
First I updated the sshd_config file to remove the 'Allow users' line. Then I removed subversion, reinstalled as svn, renamed the /root/.subversion directory to old.subversion, restarted the svnserve service, created a new repo in /home/svn/code_repo, ran a svn list (got killed by signal 15 only), and tried an import.

Code:
 svn@zdt occo_repo]$ svn import py svn+ssh://svn_code/occo_repo -m "initial import - py"
Killed by signal 15.
Adding         py/branches
Adding         py/tags
Adding         py/trunk
Committing transaction...
Committed revision 1.
Killed by signal 15.
[svn@zdt occo_repo]$
Moral of the story: Don't su and install subversion. Oh, and be humble, very, very, humble.

Thank you so much, TurboCapitalist. I'm sure I would never have figured this out without your help. I would love to buy you a digital cup of coffee (== email you something nice) to show my appreciation for your help if you'll message me or let me know how to contact you.

Thank you again,
Rachael
 
Old 04-23-2017, 12:26 AM   #24
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,067
Blog Entries: 3

Rep: Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523Reputation: 2523
No worries. It's great that Subversion is working now. Be conservative with running things as root since using it tends to turn small problems into big ones as you see.

As much as I love coffee, the tradition is to just pay it forward. At some point you'll find a post, here or elsewhere, looking to do something with FOSS that you've done before, or even find easy, and can jump in.
 
Old 04-23-2017, 12:38 AM   #25
rachaelw
LQ Newbie
 
Registered: Apr 2017
Location: Southern California
Distribution: Fedora Server, Ubuntu
Posts: 17

Original Poster
Rep: Reputation: Disabled
You're awesome. I will pay it forward then.

Have a great evening and best of luck to you and your penguin farm.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pfx certification file to extract the RSA private/public key fantasy1215 Linux - Newbie 2 11-15-2011 02:51 AM
[SOLVED] SSH & RSA public key problems, works only for certain users? warwolf Linux - Networking 2 05-27-2011 06:17 AM
Putty/SSH login failed when using RSA public key: 'Server refused our key' itsecx@gmail.com Linux - Server 10 10-04-2010 01:19 PM
need help with SSH private/public key taduser Linux - Security 2 04-02-2007 07:07 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration