Subversion with SSH on Windows

Preparing for Subversion with SSH

I have a few files that I like to keep available on all my workstations and was having a time keeping them in sync. For example, I have used PasswordSafe since version 1.7 and have no less than 4 copies of my personal password list on various desktops.

I wanted to be able to use svn:externals to map all the repositories I wanted to sync and have it work from anywhere and be able to load repositories from multple servers if necessary. I was already using a ssh tunnel created by putty to mount a samba filesystem from my house, so I knew how to port forward, but that broke hostnames because everything would then need to be mapped to localhost.

Attempts to use OpenSSH for Windows were unsatisfactory. When I would try to checkout a repository using a svn+ssh:// url, ssh would ask for my password dozens of times. ssh-agent was the recommended solution, but there is no good way to run ssh-agent and have it be available to any random command prompt I might have opened.

After a few feeble attempts to glean svn+ssh:// tips from Google, I discovered plink.exe from the PuTTY project. Before learning that plink.exe existed, I tried to shoehorn putty.exe into Subversion as a replacement for ssh. plink, when paired with pageant, was the ultimate solution.

Last night I completed all the changes so that every machine I use can contact my Subversion repositories using SSH. First, you should read these articles on Subversion and SSH. DO NOT, I repeat, DO NOT do anything described in them, yet. There are a few concepts you should be grounded in that are described in them, but they all miss a mind numbingly simple solution.

Both of these articles describe scenarios for configuring and using Subversion. You should read them both just to reinforce the concepts presented.

Successful svn+ssh

For Subversion, you don't need OpenSSH for Windows. If like me, that's the only reason you have it, go ahead and uninstal it. As of this writing, there seems to be a bug in the uninstaller that takes out one too many semicolons from your PATH environment variable. If you do uninstall it, review your PATH carefully and put it back in.

If you're not already using it, you will want to download pageant.exe from the PuTTY site. Read Chapter 9 of the PuTTY user manual, then create a key for yourself and load it onto your target Subversion server(s).

Download the latest plink.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.

Now, to solve your svn+ssh problems, rename plink.exe to ssh.exe and place it in a folder that is in your PATH. Open a command prompt, customize and run the following:

ssh username@server

Of course, you should replace server with your server's hostname or IP address, and username with your username on that server. This lets the ssh client grab the key from the remote server and get it all set up for you to use svn to connect to it. Customize and repeat that command for all the Subversion servers you will be securely accessing via SSH.

I recommend you add pageant to your startup profile so that it starts automatically when you log in. Just rightclick on your Start button, click Open, doubleclick the Programs folder, and then doubleclick the Startup folder. Righclick in this folder and choose New, Shortcut. Type, or use the Browse button to find, the path to pageant(eg. c:syspageant.exe), then click lots of Nexts, Oks, and Finishes until it completes. Every time pageant is started, it has to decrypt your key files. Just doubleclick it's icon, click the Add Key button, browse to the file, doubleclick it, and enter your password. Add any other keys you need using the same process. When done, just close the window.

Now, you are ready to use Subversion to connect to a repository via ssh. The *URL* you should use is built using the following format:

svn+ssh:// + your_username + @ + your_servername + full_path/to/repository

example: svn+ssh://johndoe@svn.acme.com/home/johndoe/svn/work