How to use TortoiseSVN to access Mediatemple subversion over svn+ssh

How to use TortoiseSVN to access Mediatemple subversion over svn+sshOne of important aspects when I am selecting hosting provider is subversion support. My previous host provider, DreamHost, had it, as well as my current host, Mediatemple (I am using (gs) – Grid Service option).

However, while DreamHost was allowing access to subversion repository over http protocol, Mediatemple is more strict: it requires to use svn+ssh (svn protocol over ssh). It proved that setting up this kind of access using great Windows subversion client, TortoiseSVN is a bit of a pain.

So, here is what helped me to get that done.

Ingredients

I will assume following data:

  • your domain hosted with media temple is yourdomain.com
  • your admin account is serveradmin@yourdomain.com
  • your domain account is 12345 (you can find out right number in MediaTemple Account Center -> Server Guide -> System Paths)
  • you followed this Mediatemple kb article and created repository named myrep

Software prerequisites are:

Generating public/private pair of keys

In order to access your subversion repository over ssh, you need to create pair of keys: private and public key which will be used for authentication of access to repository. Public key should be stored on your host account, while private key is your own and you should take great care not to give access to private key to anyone else.

Do ssh to your host (you can use PuTTY for this) and make sure that you are in your .home directory (use pwd command):

yourdomain.com@n10:~$ pwd
/home/12345/users/.home
yourdomain.com@n10:~$

Now, create your public/private keys executing ssh-keygen -t dsa; you will get something like:

yourdomain.com@n10:~$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/12345/users/.home/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/12345/users/.home/.ssh/id_dsa.
Your public key has been saved in /home/12345/users/.home/.ssh/id_dsa.pub.
The key fingerprint is:
0b:34:9e:2d:b4:d8:b1:ca:f4:a0:06:91:7f:18:15:0e

You can safely press Enter on all three questions (file / passphrase / passphrase repeated)

Previous process will create two files, located here:

/home/12345/users/.home/.ssh/id_dsa – private key
/home/12345/users/.home/.ssh/id_dsa.pub – public key

Than download (you can use FTP) file id_dsa to your computer (I will assume that you dowloaded into folder C:UsersDejanDocumentsKeys) and DELETE it from server:

yourdomain.comg@n10:~$ cd .ssh
yourdomain.com@n10:~/.ssh$ rm id_dsa

While still in shell window, rename public key id_dsa.pub to authorized_keys:

yourdomain.comg@n10:~/.ssh$ mv id_dsa.pub authorized_keys

Converting private key to PuTTY format

One final step is converting private key id_dsa to .ppk format understandable by PuTTY; navigate to PuTTY folder and fire up PuTTYGEN.Exe, and:

  1. Load id_dsa to PuTTYGEN
  2. Give comment so that you know purpose of the key
  3. Assign strong key passphrase (more on this later on)
  4. Save private key as mt-svn.ppk file

Putty Key Generator

With of without passphrase?

Step 3. above has multiple implications to the rest of the process; if you select to have passphrase to protect your private key, you will need to enter that passphrase at least when logging in computer, in order to “unlock” your private key.

If you decide not to have passphrase, you won’t need to use Pageant or any other method for managing key. However, this is basically as having heavy iron doors w/o lock. I strongly suggest to assign strong passphrase to your key.

Testing access

Now it is time to check if the keys are ok, access ok, and that everything works as expected. Use CMD prompt, navigate to PuTTY folder and execute following:

PuTTY.exe -ssh -2 -i “C:UsersDejanDocumentsKeysmt-svn.ppk” yourdomain.com

When prompted, enter ONLY your username ( serveradmin@yourdomain.com ) – you should be logged on Mediatemple server WITHOUT need to enter password. If that is not true, some of the steps above were missed – check above.

Configuring TortoiseSVN

Ok, now is time to configure TortoiseSVN to access above repositroy. Right click anywhere on empty space in Windows Explorer, and select TortoiseSVN -> Settings; navigate to Network section and setup SSH client as:

"C:Program FilesTortoiseSVNbinTortoisePlink.exe" -i "C:UsersDejanDocumentsKeysmt-svn.ppk"

Update 2009-11-08: Also, you can try this as well:

"C:Program FilesTortoiseSVNbinTortoisePlink.exe" -i "C:UsersDejanDocumentsKeysmt-svn.ppk" -P 22

(adding port command, thanks to comment by Didier)

Setting TortoisePlink for svn+ssh access

(of course, this will vary depending where you installed TortoiseSVN and on location / name of your private key)

Why TortoisePlink when we were talking about PuTTY all the time? Well, TortoisePlink is just custom version of PuTTY, and it is part of TortoiseSVN and all above can be applied to it.

Browsing repository for the first time

Finally, lets test access to repository; right click anywhere on empty space in Windows Explorer, and select TortoiseSVN -> Repo-browser and enter URL:

svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep

You should be asked (twice) for your passphrase, and after short time, presented with your svn repository on Mediatemple.

Using Pageant for key store

Annoying part of ssh access is that every time you ask connection toward server (and that is basically ANY operation) you will be prompted for passphrase; that is not comfortable way of working 🙂

Solution to this is another PuTTY application – Pageant – SSH authentication agent; it holds your private keys in memory, already decoded, so that you can use them often without needing to type a passphrase.

You can either start Pageant manually, and press “Add Key” to import your private key, or you can make it part of the start up group, giving list of keys to be imported:

PageAnt.exe "C:UsersDejanDocumentsKeysmt-svn.ppk"

In that case, you would be asked just once when you log on for passphrase.

Now you are good to go with TortoiseSVN on Windows and Mediatemple subversion repository using svn+ssh 🙂

24 thoughts on “How to use TortoiseSVN to access Mediatemple subversion over svn+ssh”

  1. Great tutorial. I followed it but it’s not wokring. It just keeps asking me for the passwords.

    So I have a few questions:
    1. Do I have to create key from within PuTTy, or can I use puttygen.exe for this?
    2. Does both files (private and public) need to reside in /.home/.ssh folder?
    3. Is it correct to use “serveradmin@yourdomain.com@yourdomain.com” in the path name?

  2. 1. Create keys on server, both public and private; use PuttyGen just to CONVERT (not create) PRIVATE one (id_dsa) to Putty format (mt-svn.ppk)

    2. No. Leave JUST public key there, id_dsa.pub, renamed to authorized_keys

    Also, verify that permission on this file is 606.

    3. Yes, it is; there are other versions mentioned ( serveradmin%yourdomain.com@yourdomain.com ) but above works just fine for me.

    What happened when you tested connection as suggested above?

  3. Never mind. Delete this and my first comment. It all works. Not sure where it went wrong the first time.

  4. Hi Dejan
    Thanks for the time you have taken to publish this really helpful article.
    I’m stuck on one thing
    When I do pwd in the repository directory I get
    /home/xxxxxx/users/.home/data/svn/prema

    svn+ssh://serveradmin@domain.com@domain.com/home/65009/data/svn/prema

    Doesn’t seem to work, nor with the full path indicated above
    – Have created the public key / private key
    – transferred private to MyDocs,
    – Putty logs in from the command line as mentioned
    Tortoise errors with
    “Network Connection Closed Unexpectedly”
    I’d be grateful for any tips !
    Kind regards and thanks again
    Mike

  5. It is expected that pwd give different path – that is internal {mt} path which will get translated properly.

    Two things:

    – make sure that you have latest TortoiseSVN; some older versions had problem with svn+ssh

    – use whole line from Settings / Network, copy it to command prompt, append domain.com at the end and test; it should ask you for username (enter serveradmin@domain.com) and if all ok, nothing else.

    If it asks you for Password that something is wrong with key (check path).

  6. Hi Dejan !
    Thanks very much for the explanation!
    We will try again and see what happens and let you know
    Thanks very much
    Kind regards
    Mike

  7. Hi Dejan!
    is the any way not to use public and private keys?
    i tried just to type “svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep” into repo-browser field and i was asked for username and password, but i couldn’t logg in. If using keys is the only way, could you suggest how to use several accounts to access repository? Should i create a few public/private key pairs?

  8. I believe that over ssh you have to use public/private keys.

    So, by analogy, try with different pairs of public/private keys, that should do the trick – I did not try myself that, to be honest.

  9. Hi Dejan,

    Thanks for the tutorial: helped me a whole lot to set up SVN with TortoiseSVN.

    One complement though: on the very last version of TortoiseSVN, I had to add -P 22 on the TortoisePLink command line for Network > Settings. Else, TortoisePlink would default to port 0 instead of 22 and it wouldn’t work.

    Maybe you should complete the tutorial on this part.

    regards
    didier

  10. fyi

    i had to change the svn repos directory when accessing it with tortoisesvn:

    in stead of
    svn+ssh://serveradmin@yourdomain.com@yourdomain.com/home/12345/data/svn/myrep

    i used
    svn+ssh://serveradmin@yourdomain.com/home/12345/data/svn/myrep

  11. Hi,

    Thanks for a great post. Everything worked for me but connecting with TortoiseSVN. I’m using WinXP and couldn’t connect with TortoiseSVN at all even though PuTTY was fine. The problem was due to not creating a new Saved Session. For some reason TortoiseSVN doesn’t like it if the “Default Settings” in PuTTY are not blank. I’ve blogged about this here: http://blog.sitedaniel.com/2010/01/tortoisesvn-putty-mediatemple-gridserver-winxp-set-up/
    Cheers

  12. The main thing that went wrong with me was that when I passed the file name to putty.exe. It didnt like the double-quotes.

    And gave the error:

    “Unable to use key file “C:UsersDaveDocumentsKeysmt-svn
    .ppk” (unable to open file)”

    putty.exe -ssh -2 -i C:UsersDaveDocumentsKeysmt-svn
    .ppk

  13. I followed the steps but while Browsing repository for the first time i am getting error “Network error: Connection time out”

    Any suggestion please?

  14. If you checked with Putty and all works fine, that leaves just simple connectivity issue.

    Do you have maybe firewall / router with strict rules? I believe that for SSH you need to have traffic toward TCP/IP port 22 enabled.

Leave a Reply to Dejan Vesić Cancel reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.