ssh-agent, PKCS#12, and Subversion
I'm using openssh (OpenSSH_5.5p1, OpenSSL 0.9.8n 24 Mar 2010) on
Cygwin and I'm having trouble getting Subversion to work with
ssh-agent. I apologize if this is the wrong list to ask about this on,
but it appears to me to be an openssh issue, not Subversion.

I have Subversion working using an ssh+svn connection that requires a
certificate. The certificate is in PKCS#12 format. I want to add this
certificate to ssh-agent so I don't have to type my passphrase all the
time. Unfortunately the Subversion FAQ doesn't provide any details on
doing this. (http://subversion.apache.org/faq.html#ssh-auth-cache)

Attempting to directly add the certificate to ssh-agent results in an
endless "Bad passphrase, try again for certificate.p12" cycle. If I
extract the key and client certificate into separate files
(certificate & certificate.pub) I'm able to add them to ssh-agent, but
I find no configuration of the .subversion/servers file that causes
Subversion to act like the agent is there. Per the comments in the
servers file the ssl-client-cert-file entry must point to a PKCS#12
format file, so I can't just point at the PEM versions.

If anyone with expertise in openssh and/or subversion can help me get
this working I would greatly appreciate it.

Regards,
Steven
Re: ssh-agent, PKCS#12, and Subversion
On Fri, May 28, 2010 13:56, Steven Collins wrote:
> That is correct. Here is an example of what I'm getting:
>
> $ ssh-add svnCertificate.p12
> Enter passphrase for svnCertificate.p12:
> Bad passphrase, try again for svnCertificate.p12:
> Bad passphrase, try again for svnCertificate.p12:
> Bad passphrase, try again for svnCertificate.p12: ^C
>
> $ cd ~/workingDir
>
> svn ls .
> Passphrase for '/home/username/.subversion/svnCertificate.p12':
> BC.c
> Debug32/
> ...

What happens when you do this?

$ ssh-add /home/username/.subversion/svnCertificate.p12

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Re: ssh-agent, PKCS#12, and Subversion
On Fri, May 28, 2010 15:23, Steven Collins wrote:
> No change. The passphrase is still rejected.


What userid are you using and what are the permissions on and to the
key?


--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3