|
⇤ ← Revision 1 as of 2007-02-28 18:02:30
Size: 4476
Comment:
|
Size: 4725
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 13: | Line 13: |
| SVN+SSH authentication with private key By default SVNKit tries to obtain all necessary information from the [tunnels] section of the config file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, SVNKit tries then to use predefined system properties listed beneath. |
== SVN+SSH authentication with private key == By default '''SVNKit''' tries to obtain all necessary information from the {{{[tunnels]}}} section of the ''config'' file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, '''SVNKit''' tries then to use predefined system properties listed beneath. |
| Line 16: | Line 16: |
| SVNKit uses a pure java Ganymed library to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let SVNKit know about your private key and passphrase: | '''SVNKit''' uses a pure java [http://www.ganymed.ethz.ch/ssh2 Ganymed library] to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let '''SVNKit''' know about your private key and passphrase: {{{ |
| Line 23: | Line 23: |
| SVN+SSH authentication with private key in Eclipse | }}} == SVN+SSH authentication with private key in Eclipse == |
| Line 25: | Line 27: |
| {{{ | |
| Line 32: | Line 34: |
| Note: a user name for an ssh connection will be taken from SVN Repository properties. | }}} |
| Line 34: | Line 36: |
| To avoid special batch script creation to launch Eclipse you may define ssh related properties in Eclipse config.ini file - ECLIPSE_HOME/configuration/config.ini (tip provided by Andrew Berman): | {i} Note: a user name for an ssh connection will be taken from SVN Repository properties. |
| Line 36: | Line 38: |
| To avoid special batch script creation to launch Eclipse you may define ssh related properties in Eclipse config.ini file - {{{ECLIPSE_HOME/configuration/config.ini}}} (tip provided by Andrew Berman): {{{ |
|
| Line 42: | Line 46: |
| }}} | |
| Line 43: | Line 48: |
| SSL Connections SVNKit uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a Subversion repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read this article for more details on how to install JCE. |
== SSL Connections == '''SVNKit''' uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a Subversion repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE. |
| Line 46: | Line 51: |
| Trusting SSL Certificates If SVNKit is used as a standalone library and no custom authentication provider is registered, SVNKit: |
== Trusting SSL Certificates == If '''SVNKit''' is used as a standalone library and no custom authentication provider is registered, '''SVNKit''': |
| Line 49: | Line 54: |
| by default trusts all SSL servers, though it doesn't cache server certificates; or uses a default JDK certificates storage to get SSL certificates of the trusted servers; and additionally it uses authority certificate files listed in the Subversion servers configuration file in these options: |
* by default trusts all SSL servers, though it doesn't cache server certificates; * or uses a default JDK certificates storage to get SSL certificates of the trusted servers; * and additionally it uses authority certificate files listed in the [http://subversion.tigris.org Subversion] ''servers'' configuration file in these options: {{{ |
| Line 59: | Line 65: |
| }}} |
Supported system properties and configuration options
This section contains information on configuring the SVNKit library - in order that one can adjust the library up to his individual wishes. Here you will find information on what configuration files SVNKit uses during runtime, what system properties are used in that case when config files are not available, and so on.
HTTP proxy setup
By default SVNKit uses proxy settings from the servers configuration file that is located in the default [http://subversion.tigris.org Subversion] run-time configuration area.
Default configuration area is located at ~/.subversion on Linux and OS X and at C:\Documents and Settings\userName\Application Data\Subversion on Windows. You may read more on Subversion client configuration files in the [http://svnbook.red-bean.com/en/1.1/ch07.html#svn-ch-7-sect-1 Subversion Book].
SVN+SSH authentication whith Subclipse
If you're using SVNKit with [http://subclipse.tigris.org Subclipse] version 0.9.37 or newer there is no need to use system properties to define SSH credentials, Subclipse will automatically prompt you for private key or password during establishing SSH connection.
SVN+SSH authentication with private key
By default SVNKit tries to obtain all necessary information from the [tunnels] section of the config file that is located in the default SVN run-time configuration area. However if that information is not complete or not found at all, SVNKit tries then to use predefined system properties listed beneath.
SVNKit uses a pure java [http://www.ganymed.ethz.ch/ssh2 Ganymed library] to establish SSH connections. This library supports only SSH version 2, with password or private key authentication. You may use the following system properties to let SVNKit know about your private key and passphrase:
svnkit.ssh2.key = /path/to/private/key/file svnkit.ssh2.username = userName svnkit.ssh2.passphrase = optionalPassphrase svnkit.ssh2.password = userpassword svnkit.ssh2.port = optionalPort
SVN+SSH authentication with private key in Eclipse
When starting Eclipse you can provide the above properties like this:
$ eclipse -vmargs \ -Dsvnkit.ssh2.key=/path/to/private/key/file \ -Dsvnkit.ssh2.username=userName \ -Dsvnkit.ssh2.passphrase=optionalPassphrase \ -Dsvnkit.ssh2.password=userpassword \ -Dsvnkit.ssh2.port=optionalPort
Note: a user name for an ssh connection will be taken from SVN Repository properties.
To avoid special batch script creation to launch Eclipse you may define ssh related properties in Eclipse config.ini file - ECLIPSE_HOME/configuration/config.ini (tip provided by Andrew Berman):
... svnkit.ssh2.key=path/to/private/key/file svnkit.ssh2.passphrase=passphrase svnkit.ssh2.username=username svnkit.ssh2.password=userpassword svnkit.ssh2.port=port
SSL Connections
SVNKit uses SSL support included into JDK. Some JDK versions don't support SSL server certificates longer than 1024 bytes or don't support certain Cypher Suites. If you're experiencing problems accessing a Subversion repository over SSL connection (via https protocol) consider using the latest JDK version and upgrading the JDK JCE package (Cryptotgraphic Extension) to an "unlimited strenght" one. Read [http://java.sun.com/products/jce/javase.html this article] for more details on how to install JCE.
Trusting SSL Certificates
If SVNKit is used as a standalone library and no custom authentication provider is registered, SVNKit:
- by default trusts all SSL servers, though it doesn't cache server certificates;
- or uses a default JDK certificates storage to get SSL certificates of the trusted servers;
and additionally it uses authority certificate files listed in the [http://subversion.tigris.org Subversion] servers configuration file in these options:
### 'ssl-authority-files' is a semicolon-delimited list of files, ### each pointing to a PEM-encoded Certificate Authority (CA) ### SSL certificate. ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem ### 'ssl-trust-default-ca' Trust the system 'default' CAs ssl-trust-default-ca = yes
Client SSL authentication In the Subversion servers configuration file you can specify your SSL authentication certificate files for a specific group:
ssl-client-cert-file= PKCS#12 format client certificate file ssl-client-cert-password= Client Key password, if needed. Read more information on this options in the Subversion book.