How can I set proxy for subversion with ssh tunnel?

ssh svn proxy

24,592

Solution 1

You are using SSH to set up a local SOCKS server that tunnels to your SSH server. You mention that your reason for doing that is that "local connection is slow" but I fail to see how tunneling to a SSH server will make it faster.

Anyway, your problem is that Subversion can connect through a HTTP proxy or an SSH tunnel, but it has no idea about SOCKS. So you need to SOCKSify Subversion by capturing all its TCP connects and redirecting them to the SOCKS proxy.

Instead of paraphrasing those who have done it before, I'll point you to their detailed explanations :

Or in a nutshell mostly cut'n'pasted from Oliver's page :

Debian contains two socksifiers that are also available on sourceforge. The most recently updated one is ProxyChains, and it's quite straightforward to configure. Most socksifiers work in a similar fashion so these instructions should be a reasonable general case. To configure ProxyChains you just need to edit $(HOME)/.proxychains/proxychains.conf to have only the following lines:

DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000
[ProxyList]
socks5 127.0.0.1 8090
# NB: for some reason 'localhost' doesn't work in the above line

All you then need to do is 'wrap' svn in ProxyChains.

proxychains svn commit

In the above example, the svn application was none the wiser that its TCP connects to the Subversion server were redirected down your SOCKS proxy."

Solution 2

Posting here, as I found a less kludge-y way to do this. You can use Polipo to use your SSH SOCKS tunnel over HTTP proxy, by adding following lines to its configuration:

socksParentProxy = "localhost:8090"
socksProxyType = socks5

polipo by default listen on port 8123. And then in $HOME/.subversion/servers create a group for subversion hosts you want to check out from, e.g. if your subversion repository host(s) are named proj1.svn.domain.tld, proj2.svn.domain.tld, etc., then add following to [groups] section:

[groups]
domain = *.svn.domain.tld

And finally specify a proxy configuration for the group of the hosts you just added by adding a block for the group:

[domain]
http-proxy-host=localhost
http-proxy-port=8123

After this you should be able to operate on repository normally, as you used to work without SSH tunnel.

HTH

Solution 3

There are occasions when it's required on Windows PC to get svn+ssh connection to SVN repository through socks proxy server. This problem can be resolved with Putty which provides SSH functionality and can work with different proxy types. Proposed solution does not require local port forwarding.

Launch putty and create a session (e.g. socks_proxy)
Configure ONLY proxy for the session (Connection->Proxy) where it's required to submit Proxy hostname and Port. Putty works with selection of different proxy types including both SOCKS4 and SOCKS5. Optionally you can provide user name and password for proxy access.
Save the session. Please remember that session will have no configured Host Name for connection.
Open SVN configuration file Application Data\Subversion\config and locate section [tunnels]
Put additional SVN protocol description below section title: ssh=PATH_TO_PLINK/PLINK.EXE -load socks_proxy. Actually protocol name is your choice so you can choose any name if ssh is already used (e.g. use pssh= instead of ssh=).
Configure key for SSH access to target server where SSH will be used to run svnserve. It's recommended to use pageant to maintain keys.
Use svn for svn+ssh access. User name should be passed in URL - svn ls svn+protocol_name://username@server/repository where protocol name should be substituted with real name used in [tunnels] section of SVN configuration.

What's it - SVN will use protocol name to detect that plink.exe should be used for connection and plink will use session name socks_proxy to identify that proxy is present. Remember that PATH_TO_PLINK should be entered with slash, not with backslash. Example for occasion when plink.exe is located in folder C:\Program Files\Putty : ssh=C:/Program Files/Putty/PLINK.EXE -load socks_proxy.

Solution 4

You might give tsocks a try. With tsocks, you configure it to use the SOCKS proxy SSH sets up then run svn like so:

tsocks svn co {etc...}

Solution 5

I don't know about tunnelling with ssh -D but using something like

ssh -L8090:svn.server.com:22 [email protected]

You can then do tunnelling by adding a new protocol to subversion with the particular port that the tunnel is on. So, in ~/.subversion/config add a line like

pssh = ssh -p8090

in the [tunnels] section and then instead of svn+ssh://[email protected] use svn+pssh://user@localhost

If you have an existing working copy you can use

svn switch --relocate svn+ssh://[email protected] svn+pssh://user@localhost

to switch the address the working copy is linked with without having to do a new checkout.

View more solutions

24,592

Admin

Updated on September 17, 2022

Comments

Admin over 1 year

I want to check out/update the code via proxy since my local connection is slow. I setup ssh tunnel : ssh -D 8090 [email protected] to forward all the packets to my localhost:8090.

How can I set up subversion to use this?
- Tim Post about 15 years
  
  +1, good question. I'm interested in seeing if there's a way to do this too. I have very slow wi-fi and often browse via a SOCKS proxy set up in the same way, it'd be handy to have subversion (or others) use the same.
- innaM about 15 years
  
  And the proxy makes your wi-fi faster?
Admin about 15 years

I can't quite catch. Assume: I originally checkout with: svn co svn://code.somewhere.com/prj prj And what can I do now? Basically I can't really understand what do you mean by: "instead of svn+ssh://[email protected]". Thanks
blahdiblah about 15 years

If you have a working copy gotten with svn co svn+ssh://code.somewhere.com/prj prj, then going into prj/ and running svn switch --relocate svn+ssh://code.somewhere.com svn+pssh://localhost/ will update the wc to look as if it had been gotten via svn co svn+pssh://localhost/prj prj
Admin about 15 years

Maybe we misunderstand somewhere. Actually I want to check out the code on server A through server B(ssh -D 8090 user@B) to my local machine, is this feasible? svn co svn+pssh://localhost/prj prj seems just checkout the code one the server B unless I'm not getting you.
blahdiblah about 15 years

I've updated to address this with the ssh tunnelling I know. If I understand correctly, using "ssh -L8090:serverA.com:22 [email protected]" and then "svn co svn+pssh://user@localhost/prj prj" will check out the code from server A on your machine, via server B.
blahdiblah about 15 years

Ah! I think I see where the confusion might be. Setting up the tunnel starts a shell on the proxy server, but this isn't where the svn commands are happening. Those should happen in a separate shell on your computer. The -f flag for ssh might allow use of the same shell.
Deqing over 10 years

What is "localhost:8090" for?
abbe over 10 years

@Deqing it's the SOCKS proxy which is used by polipo as its upstream.
Jason Kao over 10 years

Thanks a lot this works for me. If you are on OS X and need DNS forwarding then use this proxychain fork. github.com/haad/proxychains and make sure the line 'proxy_dns' is in the config after the first line.