Secure Shell
ssh-agent, PKCS#12, and Subversion May 28 2010 12:53PM
Steven Collins (spc for nbc gmail com)
I'm using openssh (OpenSSH_5.5p1, OpenSSL 0.9.8n 24 Mar 2010) on
Cygwin and I'm having trouble getting Subversion to work with
ssh-agent. I apologize if this is the wrong list to ask about this on,
but it appears to me to be an openssh issue, not Subversion.

I have Subversion working using an ssh+svn connection that requires a
certificate. The certificate is in PKCS#12 format. I want to add this
certificate to ssh-agent so I don't have to type my passphrase all the
time. Unfortunately the Subversion FAQ doesn't provide any details on
doing this. (http://subversion.apache.org/faq.html#ssh-auth-cache)

Attempting to directly add the certificate to ssh-agent results in an
endless "Bad passphrase, try again for certificate.p12" cycle. If I
extract the key and client certificate into separate files
(certificate & certificate.pub) I'm able to add them to ssh-agent, but
I find no configuration of the .subversion/servers file that causes
Subversion to act like the agent is there. Per the comments in the
servers file the ssl-client-cert-file entry must point to a PKCS#12
format file, so I can't just point at the PEM versions.

If anyone with expertise in openssh and/or subversion can help me get
this working I would greatly appreciate it.

Regards,
Steven

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus