
svn over 2 ssh tunnels


I am cracking my nut here trying to get this to work, maybe someone can help me understand this a bit better. I found a question that is almost what I want to do, called "Accessing Subversion repository with 2 hops using svn+ssh protocol".

Here is what I want to do:

I want to check out an svn project on my Live server, but the svn server is not accessible on the internet. So I need to ssh tunnel into my main Network server, then into the SVN server and then check out the files to the Live server.

Here are some fictitious settings for clarity:

  1. The Live Server : (eth0) 10.123.210.123
  2. The Network Server : (eth0) 10.89.123.123 and (eth1) 192.168.1.1
  3. The SVN Server : (eth0) 192.168.1.8

All of the servers authenticate with key files on port 9222 and each server has a user admin with the valid key. So admin can log in to each server from almost any server; Live can't get to SVN directly, logically.

So according to @epsilon-prime in the above mentioned post I should setup /home/admin/.ssh/config on the Live server with

Host mysubversionserver
        HostName = 10.89.123.123
        ProxyCommand = ssh 192.168.1.1 /usr/local/bin/nc -w 10 192.168.1.8 %p
        ForwardX11 = no
        User = admin
        ForwardAgent = yes

Besides the fact that I can't connect with this setup, I don't really understand how this will help me get to the subversion server. Once I use this ssh I am on the subversion server, but I need to be on the Live server with this tunnel.... or am I just missing something really obvious?


Solution

  • So after much reading and some more reading I finally found some explanations for my questions, and came to realise that this config will not work, but rather that @Rup was right even though his syntax was a bit wrong.

    To close the question anyway and have some useful information for other searching souls, here is the correct way of making the tunnel with the config files in Linux:

    Host FireWallServer
            HostName <FireWall Server IP>
            User admin
            IdentityFile ~/.ssh/id_rsa
            PasswordAuthentication no
            Compression yes
            ForwardX11 no
    
    Host SVNServer
            ProxyCommand ssh FireWallServer nc <SVN Server IP> %p
            ForwardAgent yes
    

    Your first friend would be man ssh_config as it contains most of the info you need. A nice explanation I found is on Transparent Multi-hop SSH. So the final best solution was to do a local port forward tunnel:

    ssh -L 9223:<SVN Server IP>:80 admin@<FireWall Server IP>
    

    Now open another terminal and do your svn query on this tunnel:

    svn info http://localhost:9223/<path to your svn repo>
    

    A couple of must haves are however required for this way to work:

    1. All servers must be configured to accept ssh on port 9222 for user admin with an ssh_key
    2. All servers must have the ssh daemon configured to use the same port
    3. SVN must be configured to run over apache with mod_dav

    Hope it is of use to someone :)
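
The two routes from the answer above, written as one `~/.ssh/config` for the Live server. This is an added example, not the answer author's configuration: it assumes the sshd port 9222 and user admin from the question, a client with OpenSSH 7.3 or later for `ProxyJump`, and a hypothetical host alias `svn-http-tunnel`. It keeps agent forwarding off, so the admin key is never usable from the firewall host.

```sshconfig
# Added example. <...> placeholders are the page's own and must be filled in.

Host FireWallServer
        HostName <FireWall Server IP>
        Port 9222                      # sshd port stated in the question
        User admin
        IdentityFile ~/.ssh/id_rsa
        IdentitiesOnly yes             # offer only this key, not every agent key
        PasswordAuthentication no
        ForwardX11 no
        ForwardAgent no

# Route 1 (svn+ssh): reach the SVN server through the firewall host.
# The session to SVNServer is encrypted end to end from the Live server;
# the firewall host only relays bytes and needs neither nc nor the agent.
Host SVNServer
        HostName <SVN Server IP>
        Port 9222
        User admin
        IdentityFile ~/.ssh/id_rsa
        IdentitiesOnly yes
        # On clients older than OpenSSH 7.3 replace the next line with:
        #   ProxyCommand ssh -W %h:%p FireWallServer
        ProxyJump FireWallServer
        ForwardAgent no

# Route 2 (Apache + mod_dav): the local port forward from the answer.
# Note that the hop from the firewall host to <SVN Server IP>:80 is plain HTTP.
Host svn-http-tunnel                   # hypothetical alias
        HostName <FireWall Server IP>
        Port 9222
        User admin
        IdentityFile ~/.ssh/id_rsa
        IdentitiesOnly yes
        # Bind to loopback only so other hosts cannot use the tunnel.
        LocalForward 127.0.0.1:9223 <SVN Server IP>:80
        # Fail at startup if port 9223 cannot be bound, instead of
        # leaving an ssh session open with no working forward.
        ExitOnForwardFailure yes
        ForwardAgent no
```

Start route 2 with `ssh -N svn-http-tunnel` and run the `svn info` command from the answer against `http://localhost:9223/`. Route 1 is used by pointing an `svn+ssh://SVNServer/...` URL at the alias.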