24

I want to check out/update the code via proxy since my local connection is slow. I setup ssh tunnel : ssh -D 8090 user@ssh.proxy.net to forward all the packets to my localhost:8090.

How can I set up subversion to use this?

  • +1, good question. I'm interested in seeing if there's a way to do this too. I have very slow wi-fi and often browse via a SOCKS proxy set up in the same way, it'd be handy to have subversion (or others) use the same. – Tim Post Apr 06 '09 at 05:31
  • And the proxy makes your wi-fi faster? – innaM Apr 07 '09 at 09:00

6 Answers6

21

You are using SSH to set up a local SOCKS server that tunnels to your SSH server. You mention that your reason for doing that is that "local connection is slow" but I fail to see how tunneling to a SSH server will make it faster.

Anyway, your problem is that Subversion can connect through a HTTP proxy or an SSH tunnel, but it has no idea about SOCKS. So you need to SOCKSify Subversion by capturing all its TCP connects and redirecting them to the SOCKS proxy.

Instead of paraphrasing those who have done it before, I'll point you to their detailed explanations :

Or in a nutshell mostly cut'n'pasted from Oliver's page :

Debian contains two socksifiers that are also available on sourceforge. The most recently updated one is ProxyChains, and it's quite straightforward to configure. Most socksifiers work in a similar fashion so these instructions should be a reasonable general case. To configure ProxyChains you just need to edit $(HOME)/.proxychains/proxychains.conf to have only the following lines:

DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000
[ProxyList]
socks5 127.0.0.1 8090
# NB: for some reason 'localhost' doesn't work in the above line

All you then need to do is 'wrap' svn in ProxyChains.

proxychains svn commit

In the above example, the svn application was none the wiser that its TCP connects to the Subversion server were redirected down your SOCKS proxy."

  • Thanks a lot this works for me. If you are on OS X and need DNS forwarding then use this proxychain fork. https://github.com/haad/proxychains and make sure the line 'proxy_dns' is in the config after the first line. – Gourneau Dec 19 '13 at 07:51
2

Posting here, as I found a less kludge-y way to do this. You can use Polipo to use your SSH SOCKS tunnel over HTTP proxy, by adding following lines to its configuration:

socksParentProxy = "localhost:8090"
socksProxyType = socks5

polipo by default listen on port 8123. And then in $HOME/.subversion/servers create a group for subversion hosts you want to check out from, e.g. if your subversion repository host(s) are named proj1.svn.domain.tld, proj2.svn.domain.tld, etc., then add following to [groups] section:

[groups]
domain = *.svn.domain.tld

And finally specify a proxy configuration for the group of the hosts you just added by adding a block for the group:

[domain]
http-proxy-host=localhost
http-proxy-port=8123

After this you should be able to operate on repository normally, as you used to work without SSH tunnel.

HTH

abbe
  • 356
  • 1
  • 11
1

I don't know about tunnelling with ssh -D but using something like

ssh -L8090:svn.server.com:22 user@other.server.com

You can then do tunnelling by adding a new protocol to subversion with the particular port that the tunnel is on. So, in ~/.subversion/config add a line like

pssh = ssh -p8090

in the [tunnels] section and then instead of svn+ssh://user@original.com use svn+pssh://user@localhost

If you have an existing working copy you can use

svn switch --relocate svn+ssh://user@original.com svn+pssh://user@localhost

to switch the address the working copy is linked with without having to do a new checkout.

blahdiblah
  • 179
  • 1
  • 7
  • I can't quite catch. Assume: I originally checkout with: svn co svn://code.somewhere.com/prj prj And what can I do now? Basically I can't really understand what do you mean by: "instead of svn+ssh://user@ssh.proxy.net". Thanks –  Apr 07 '09 at 03:17
  • If you have a working copy gotten with `svn co svn+ssh://code.somewhere.com/prj prj`, then going into `prj/` and running `svn switch --relocate svn+ssh://code.somewhere.com svn+pssh://localhost/` will update the wc to look as if it had been gotten via `svn co svn+pssh://localhost/prj prj` – blahdiblah Apr 07 '09 at 08:07
  • Maybe we misunderstand somewhere. Actually I want to check out the code on server A through server B(ssh -D 8090 user@B) to my local machine, is this feasible? svn co svn+pssh://localhost/prj prj seems just checkout the code one the server B unless I'm not getting you. –  Apr 07 '09 at 08:40
  • I've updated to address this with the ssh tunnelling I know. If I understand correctly, using "ssh -L8090:serverA.com:22 user@serverB.com" and then "svn co svn+pssh://user@localhost/prj prj" will check out the code from server A on your machine, via server B. – blahdiblah Apr 15 '09 at 08:43
  • Ah! I think I see where the confusion might be. Setting up the tunnel starts a shell on the proxy server, but this isn't where the svn commands are happening. Those should happen in a separate shell on your computer. The -f flag for ssh might allow use of the same shell. – blahdiblah Apr 15 '09 at 08:44
1

Look at default configuration files at ~/.subversion/ There're many useful examples commented out. Proxies would be set up in ~/.subversion/servers

Gleb
  • 538
  • 3
  • 7
1

There are occasions when it's required on Windows PC to get svn+ssh connection to SVN repository through socks proxy server. This problem can be resolved with Putty which provides SSH functionality and can work with different proxy types. Proposed solution does not require local port forwarding.

  1. Launch putty and create a session (e.g. socks_proxy)
  2. Configure ONLY proxy for the session (Connection->Proxy) where it's required to submit Proxy hostname and Port. Putty works with selection of different proxy types including both SOCKS4 and SOCKS5. Optionally you can provide user name and password for proxy access.
  3. Save the session. Please remember that session will have no configured Host Name for connection.
  4. Open SVN configuration file Application Data\Subversion\config and locate section [tunnels]
  5. Put additional SVN protocol description below section title: ssh=PATH_TO_PLINK/PLINK.EXE -load socks_proxy. Actually protocol name is your choice so you can choose any name if ssh is already used (e.g. use pssh= instead of ssh=).
  6. Configure key for SSH access to target server where SSH will be used to run svnserve. It's recommended to use pageant to maintain keys.
  7. Use svn for svn+ssh access. User name should be passed in URL - svn ls svn+protocol_name://username@server/repository where protocol name should be substituted with real name used in [tunnels] section of SVN configuration.

What's it - SVN will use protocol name to detect that plink.exe should be used for connection and plink will use session name socks_proxy to identify that proxy is present. Remember that PATH_TO_PLINK should be entered with slash, not with backslash. Example for occasion when plink.exe is located in folder C:\Program Files\Putty : ssh=C:/Program Files/Putty/PLINK.EXE -load socks_proxy.

1

You might give tsocks a try. With tsocks, you configure it to use the SOCKS proxy SSH sets up then run svn like so:

tsocks svn co {etc...}
Xorlev
  • 1,845
  • 14
  • 12