
Multiple users of SVN with single ssh account

I am trying to use multiple svn authors for a single hosting ssh account. I followed the tricks from http://svn.apache.org/repos/asf/subversion/trunk/notes/ssh-tricks for tunnel-users, but it is still showing the same author as my hosting ssh account username. I have also checked that the SVN version must be newer than 1.0.x to make it work for tunnel-users.

UPDATE

What I followed:

  1. First I took the key id_rsa from my hosting account.
  2. Then I used PuttyGen to import it and extract the private key.
  3. After that I created a session in Putty with my complete domain (.com/.net etc.) and attached the private key in SSH->AUTH. I also added my hosting account username in Data for auto-login.
  4. For verification I checked the session and it worked without asking for any password.
  5. Now I created a copy of my id_rsa key in the ~/.ssh dir as authorized_keys, which is required by svnserve.
  6. Then I appended a line: command="~/bin/svnserve -t -r ~/svn --tunnel-user=makki",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAfagd..... makki@domain.com
  7. Now that everything was ready, I created a repo on the server with svnadmin create myrepo
  8. I checked out with svn+ssh://mydomain.com/home/svn/myrepo and it checked out successfully. But now when I commit, it shows the author as my ssh account, not makki as I specified in the line which I appended to the authorized_keys file.

Please guide what I am missing in the flow...

authorized_keys content

line#1 ssh-rsa AAAAB3..........
line#2 command="~/bin/svnserve -t -r ~/svn --tunnel-user=makki",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2E.....

If it's not working you must be missing the --tunnel-user option in your command or you're not using a unique key for the user.

From the SSH configuration section of the SVN Book:

It's also possible to have multiple users share a single account. Instead of creating a separate system account for each user, generate a public/private key pair for each person. Then place each public key into the authorized_keys file, one per line, and use the --tunnel-user option:

command="svnserve -t --tunnel-user=harry" TYPE1 KEY1 harry@example.com
command="svnserve -t --tunnel-user=sally" TYPE2 KEY2 sally@example.com

This example allows both Harry and Sally to connect to the same account via public key authentication. Each of them has a custom command that will be executed; the --tunnel-user option tells svnserve to assume that the named argument is the authenticated user. Without --tunnel-user, it would appear as though all commits were coming from the one shared system account.

Emphasis mine.

Based on your update to the question, it looks to me like you're reusing a key. Instead you should be generating a unique key for each user. Typically, how this would work is the user would generate their own key and then give you the public key which you'd add. If the key already exists in the ~/.ssh/authorized_keys file then I suspect the most permissive entry will apply.

My guess is that line #1 has the same key as in line #2, causing sshd to simply use the first one?

In any case, a couple of debugging pointers:

  1. On the server side, you can use the --log-file option to svnserve to debug whether it is even getting invoked:

     command="~/bin/svnserve -t -r ~/svn --tunnel-user=makki --log-file=/home/makki/svnserve.log",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty 

    Now, if you tail -f /home/makki/svnserve.log, you should see some activity if svn tunnels through svnserve as expected.

  2. On the client side, modify the Subversion config file to specify that ssh should log at verbose level (-v option without -q). That has helped me many a time to understand the root cause!
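
Added example (not part of the original question or answers): a small Python audit of an authorized_keys file for the situation discussed above, where the same key appears on more than one line. sshd uses the first entry whose key matches, so a later --tunnel-user line for that key is never applied. The function names and the sample keys are constructed for illustration.

```python
"""Audit authorized_keys for svnserve --tunnel-user entries that can never match."""
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
TUNNEL_USER = re.compile(r"--tunnel-user[= ]([^\s\"]+)")

def split_fields(line):
    """Split on whitespace, except inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + [cur] if cur else fields

def parse(text):
    """Yield (line_no, options, key_blob) for every key entry."""
    for no, line in enumerate(text.splitlines(), 1):
        f = split_fields(line)
        if not f or f[0].startswith("#"):
            continue
        # An entry starts either with the key type or with an options field.
        opts = "" if f[0].startswith(KEY_PREFIXES) else f.pop(0)
        if len(f) >= 2:
            yield no, opts, f[1]

def audit(text):
    """Return (shadowed_line, winning_line, author_svn_will_record) tuples."""
    first, findings = {}, []
    for no, opts, blob in parse(text):
        m = TUNNEL_USER.search(opts)
        user = m.group(1) if m else None  # None = shared system account
        if blob in first:
            findings.append((no, first[blob][0], first[blob][1]))
        else:
            first[blob] = (no, user)
    return findings

# Constructed sample mirroring the question: lines 1 and 2 carry the same key.
SAMPLE = '''ssh-rsa AAAAconstructedKEY1 hosting@example.com
command="~/bin/svnserve -t -r ~/svn --tunnel-user=makki",no-pty ssh-rsa AAAAconstructedKEY1 makki@example.com
command="~/bin/svnserve -t -r ~/svn --tunnel-user=sally",no-pty ssh-rsa AAAAconstructedKEY2 sally@example.com
'''
if __name__ == "__main__":
    for line, winner, user in audit(SAMPLE):
        print(f"line {line} is shadowed by line {winner}; commits are recorded "
              f"as {user or 'the shared system account'}")
```

An empty result from audit() means every key appears only once, so each --tunnel-user entry can actually be selected.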
