This article describes how to set up Subversion (SVN) access for multiple users on a single A2 Hosting shared account.
Subversion clients use SSH to access repositories on A2 Hosting servers. However, a shared hosting account only has one SSH login, which can be a problem. You don't want to share your account password with other users just so they can access repositories.
The solution is to create and deploy a separate SSH key pair for each user. Because SSH key pairs do not require passwords, users can access your repositories using Subversion clients. Additionally, you can easily revoke access for a specific user without affecting other users.
The main steps for setting up multiple-user Subversion access are:
The procedures to do this are explained in this article.
If you and your users follow the procedures above, they have access not only to your Subversion repositories, but full shell access as well. This is a potential security risk, and probably not the configuration you want.
Additionally, all changes to the Subversion repositories (also known as “commits”) are made under the same account username. There is no way to tell which user made a particular change.
To resolve these issues, you can set up SVN tunneling. SSH tunneling allows you to restrict shell access on a per-key basis. Additionally, you can assign SVN usernames to track changes by individual users.
To set up SVN tunneling, follow these steps:
command="svnserve -t --tunnel-user=SVNNAME -r /home/USERNAME/REPOSITORY",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
For example, the following line shows how to set up SVN tunneling for a user named kelly (the key data has been shortened for readability):
command="svnserve -t --tunnel-user=kelly -r /home/username/myrepo",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAsaAPi1T…bdrU29eQ [email protected]
Save the changes to the ~/.ssh/authorized_keys file. Users can now access repositories without a full shell. For example, the following command demonstrates how a user can list a repository. Note that because the virtual root directory has been set, the user does not specify the full /home/USERNAME/ path to the repository:
svn list svn+ssh:[email protected]/project