SVN Protocols and Non-standard SSH ports

Here is an interesting thing I learnt today: you can create custom SVN protocol handlers. Why on earth would you want to do that? Well, sometimes you want to use a non-standard ssh setup!

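You can define your non-standard ssh protocol quite easily in the [tunnels] section of your ~/.subversion/config file. For example:

ssh1234 = ssh -q -o ControlMaster=no -p1234

The tunnel name then becomes part of the URL scheme, so this one is used as svn+ssh1234://host/path.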

SSH pubkey fun

I had an interesting issue today where I was not able to use ssh key pairs to log into a box. It turns out that I had loose permissions on the home folder and ssh was silently failing.

So with that in mind, here is my guide to file system permissions for successful ssh authentication.

The home directory must not be writable for the world, but locking writes down to your user is probably a good thing too. The .ssh folder inside your home folder must be no looser than 0755, and the files inside .ssh *should* be 0600 to keep things nice and locked down tight.

chmod 755 /home/user
chmod 755 /home/user/.ssh
chmod 600 /home/user/.ssh/*

The home folder permissions are what tripped me up today, but a quick Google and then chmod sorted that out for me.
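
As an added example (not from the original post), this shell script audits the paths from the guide above. It treats group-writable as well as world-writable directories as failures, since sshd's StrictModes check rejects both; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the paths the post lists.
# The directory check mirrors the mode part of sshd StrictModes (mode & 022
# must be 0); the per-file 0600 check follows the post's own recommendation.

# Print the 10-character mode string, e.g. "drwxr-xr-x". Parsing ls -ldL
# avoids the GNU/BSD differences in stat(1); -L follows symlinks.
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# True if the group-write or world-write bit is set.
writable_by_others() {
    m=$(mode_string "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# True if any group or other bit is set, i.e. looser than 0600.
accessible_by_others() {
    [ "$(mode_string "$1" | cut -c5-10)" != "------" ]
}

# Report findings for HOME_DIR; the return status is the number of findings.
check_ssh_perms() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh"; do
        [ -d "$p" ] || continue
        if writable_by_others "$p"; then
            echo "FAIL $p is group- or world-writable ($(mode_string "$p"))"
            findings=$((findings + 1))
        fi
    done
    for f in "$home"/.ssh/*; do
        [ -f "$f" ] || continue
        if accessible_by_others "$f"; then
            echo "WARN $f is looser than 0600 ($(mode_string "$f"))"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Audit the directory given as $1, or the current user's home by default.
if check_ssh_perms "${1:-${HOME:-.}}"; then
    echo "OK: permissions match the guide"
fi
```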

PuTTY Love

Cool things to do with PuTTY:

Private and Public Keys

If you do not use these yet, you should! Go to the PuTTY download page and download PuTTYgen. Create your Public and Private key and put a password on the private key! Don’t want to enter your private key password all the time? Nor do I – read on!

Agent Authenticating

Go to the PuTTY download page and download Pageant and run it. It will appear in your system tray. Right click on it, choose “Add Key”, then locate your PuTTY private key (.ppk) file and open it. It will ask for the password to your SSH key (you did put a password on it, right?). Put it in, and now all future PuTTY sessions will ask Pageant for your SSH key password.

Auto Login

Do you use the same username all the time? Yeah, me too – in the PuTTY Config under Connection -> Data you can set up your Auto Login Username. Combine this with our agent authentication and you no longer have to enter any information when you log into your servers!

One key to rule them all

If you want to use your PuTTY SSH key on your servers to authenticate between them, you can do this too. Load your private key in PuTTYgen and, under the Conversions menu, choose “Export OpenSSH Key”. Save that to a file, and then you can put that on your servers in your ~/.ssh/id_rsa file (assuming you are using RSA and not DSA).

Forwarding Agent Authentication

This means that you can use your private keys on the server without passwords too! PuTTY will forward the decrypting password to the server when it asks for it, meaning you can SSH around in perfect safety without worrying about unprotected keys!

To set this up in your PuTTY config, go to Connection -> SSH -> Auth and tick the box marked “Allow agent forwarding”.

Logging into a remote server that is behind another

So, you have some Linux servers that are behind a gateway or firewall box, but do not want to have to ssh into the gateway and then into each box separately? One (horrible) solution is port forwarding. The better solution is to have PuTTY log into those boxes itself!

Follow the instructions above and get yourself some shiny SSH keys and some passwordless login loving. Then, in the PuTTY Config, go to Connection -> SSH and put into the Remote Command box:


If you have your SSH key set up and your “Allow Agent Forwarding” box ticked, you should now be presented with your server that is living behind the gateway/firewall.

Shouts go out to Billy @ for showing me the way with all of this stuff!