How can I set proxy for subversion with ssh tunnel?
Solution 1
You are using SSH to set up a local SOCKS server that tunnels to your SSH server. You mention that your reason for doing that is that "local connection is slow" but I fail to see how tunneling to a SSH server will make it faster.
Anyway, your problem is that Subversion can connect through a HTTP proxy or an SSH tunnel, but it has no idea about SOCKS. So you need to SOCKSify Subversion by capturing all its TCP connects and redirecting them to the SOCKS proxy.
Instead of paraphrasing those who have done it before, I'll point you to their detailed explanations :
- http://blog.yimingliu.com/2009/03/05/ssh-subversion-through-socks-proxy-on-mac-os-x/
- http://sites.google.com/a/gapps.oxuni.org.uk/oliver/Home/Teleworking
Or in a nutshell mostly cut'n'pasted from Oliver's page :
Debian contains two socksifiers that are also available on sourceforge. The most recently updated one is ProxyChains, and it's quite straightforward to configure. Most socksifiers work in a similar fashion so these instructions should be a reasonable general case. To configure ProxyChains you just need to edit $(HOME)/.proxychains/proxychains.conf to have only the following lines:
DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000
[ProxyList]
socks5 127.0.0.1 8090
# NB: for some reason 'localhost' doesn't work in the above line
All you then need to do is 'wrap' svn in ProxyChains.
proxychains svn commit
In the above example, the svn application was none the wiser that its TCP connects to the Subversion server were redirected down your SOCKS proxy."
Solution 2
Posting here, as I found a less kludge-y way to do this. You can use Polipo to use your SSH SOCKS tunnel over HTTP proxy, by adding following lines to its configuration:
socksParentProxy = "localhost:8090"
socksProxyType = socks5
polipo
by default listen on port 8123
. And then in $HOME/.subversion/servers
create a group for subversion hosts you want to check out from, e.g. if your subversion repository host(s) are named proj1.svn.domain.tld
, proj2.svn.domain.tld
, etc., then add following to [groups]
section:
[groups]
domain = *.svn.domain.tld
And finally specify a proxy configuration for the group of the hosts you just added by adding a block for the group:
[domain]
http-proxy-host=localhost
http-proxy-port=8123
After this you should be able to operate on repository normally, as you used to work without SSH tunnel.
HTH
Solution 3
There are occasions when it's required on Windows PC to get svn+ssh connection to SVN repository through socks proxy server. This problem can be resolved with Putty which provides SSH functionality and can work with different proxy types. Proposed solution does not require local port forwarding.
- Launch putty and create a session (e.g. socks_proxy)
- Configure ONLY proxy for the session (Connection->Proxy) where it's required to submit Proxy hostname and Port. Putty works with selection of different proxy types including both SOCKS4 and SOCKS5. Optionally you can provide user name and password for proxy access.
- Save the session. Please remember that session will have no configured Host Name for connection.
- Open SVN configuration file Application Data\Subversion\config and locate section [tunnels]
- Put additional SVN protocol description below section title: ssh=PATH_TO_PLINK/PLINK.EXE -load socks_proxy. Actually protocol name is your choice so you can choose any name if ssh is already used (e.g. use pssh= instead of ssh=).
- Configure key for SSH access to target server where SSH will be used to run svnserve. It's recommended to use pageant to maintain keys.
- Use svn for svn+ssh access. User name should be passed in URL - svn ls svn+protocol_name://username@server/repository where protocol name should be substituted with real name used in [tunnels] section of SVN configuration.
What's it - SVN will use protocol name to detect that plink.exe should be used for connection and plink will use session name socks_proxy to identify that proxy is present. Remember that PATH_TO_PLINK should be entered with slash, not with backslash. Example for occasion when plink.exe is located in folder C:\Program Files\Putty : ssh=C:/Program Files/Putty/PLINK.EXE -load socks_proxy.
Solution 4
You might give tsocks a try. With tsocks, you configure it to use the SOCKS proxy SSH sets up then run svn like so:
tsocks svn co {etc...}
Solution 5
I don't know about tunnelling with ssh -D
but using something like
ssh -L8090:svn.server.com:22 [email protected]
You can then do tunnelling by adding a new protocol to subversion with the particular port that the tunnel is on. So, in ~/.subversion/config add a line like
pssh = ssh -p8090
in the [tunnels]
section and then instead of svn+ssh://[email protected] use svn+pssh://user@localhost
If you have an existing working copy you can use
svn switch --relocate svn+ssh://[email protected] svn+pssh://user@localhost
to switch the address the working copy is linked with without having to do a new checkout.
Related videos on Youtube
Admin
Updated on September 17, 2022Comments
-
Admin over 1 year
I want to check out/update the code via proxy since my local connection is slow. I setup ssh tunnel :
ssh -D 8090 [email protected]
to forward all the packets to my localhost:8090.How can I set up subversion to use this?
-
Tim Post about 15 years+1, good question. I'm interested in seeing if there's a way to do this too. I have very slow wi-fi and often browse via a SOCKS proxy set up in the same way, it'd be handy to have subversion (or others) use the same.
-
innaM about 15 yearsAnd the proxy makes your wi-fi faster?
-
-
Admin about 15 yearsI can't quite catch. Assume: I originally checkout with: svn co svn://code.somewhere.com/prj prj And what can I do now? Basically I can't really understand what do you mean by: "instead of svn+ssh://[email protected]". Thanks
-
blahdiblah about 15 yearsIf you have a working copy gotten with
svn co svn+ssh://code.somewhere.com/prj prj
, then going intoprj/
and runningsvn switch --relocate svn+ssh://code.somewhere.com svn+pssh://localhost/
will update the wc to look as if it had been gotten viasvn co svn+pssh://localhost/prj prj
-
Admin about 15 yearsMaybe we misunderstand somewhere. Actually I want to check out the code on server A through server B(ssh -D 8090 user@B) to my local machine, is this feasible? svn co svn+pssh://localhost/prj prj seems just checkout the code one the server B unless I'm not getting you.
-
blahdiblah about 15 yearsI've updated to address this with the ssh tunnelling I know. If I understand correctly, using "ssh -L8090:serverA.com:22 [email protected]" and then "svn co svn+pssh://user@localhost/prj prj" will check out the code from server A on your machine, via server B.
-
blahdiblah about 15 yearsAh! I think I see where the confusion might be. Setting up the tunnel starts a shell on the proxy server, but this isn't where the svn commands are happening. Those should happen in a separate shell on your computer. The -f flag for ssh might allow use of the same shell.
-
Deqing over 10 yearsWhat is "localhost:8090" for?
-
abbe over 10 years@Deqing it's the SOCKS proxy which is used by polipo as its upstream.
-
Jason Kao over 10 yearsThanks a lot this works for me. If you are on OS X and need DNS forwarding then use this proxychain fork. github.com/haad/proxychains and make sure the line 'proxy_dns' is in the config after the first line.