Public key authentication for svn over ssh

From FAIWiki
Jump to: navigation, search

Also demonstrated here is the ability to use the sshpass package to scp an identity file from another server (say, a keyserver). To do this, make sure the nfsroot has the sshpass package installed.

#! /bin/bash

# Author: Ryan Steele
#   Date: 2008-11-11

error=0 ; trap "error=$((error|1))" ERR

set -x

# Make sure the .subversion directory exists
mkdir $target/root/.subversion

# Add some ssh config options
echo -e "[tunnels]\nssh = \$SVN_SSH ssh -o StrictHostKeyChecking=no -o IdentitiesOnly=yes" -i /root/.ssh/svn_rsa\n" > $target/root/.subversion/config

# Grab the identity from the keyserver
sshpass -p 'SECRET' scp -o StrictHostKeyChecking=no keyserver:/path/to/sshkeys/svn_rsa $target/root/.ssh/svn_rsa

# Run the checkout.  Pass the shell as an argument to ssh-agent so commands run in that shell can contact the agent for authentication.
# Per the man pages, "If a commandline is given, this is executed as a subprocess of the agent.  When the command dies, so does the agent."
$ROOTCMD bash -c 'ssh-agent bash -c "ssh-add /root/.ssh/svn_rsa; svn co --non-interactive svn+ssh://svnserver/repos;"'

exit $error