Subversion through a tunnel

2

11

For work, I work in a closed network. There are a few IP addresses that we have set up that are only accessible from inside our network. There is one box, though, that we can SSH into and tunnel through to get to our respective developer boxes.

I know I can get traffic from our developer box by using the -L argument of ssh. I was wondering if there was a way I could tunnel through our open box, to get into a closed box where our Subversion (SVN) repository is stored?

My computer --> Open box --> Developer boxes/SVN repository

I can't ssh into the SVN box, but is there a way to use ssh like a proxy to get access to the private Subversion box?

UPDATE:

1.1.1.1 -> Open Box
1.1.1.2 -> SVN Box

I can SSH into the SVN box after I tunnel through the open box:

ssh [email protected]
ssh [email protected]

This will allow me access to the SVN box. I figure, ssh into open box, local forward port 22 of SVN box to my port 22. Thus

ssh [email protected] -L 22:1.1.1.2:22

Then using SVN in command line:

svn co svn+ssh://user2@localhost/path

This returns

svn: Network connection closed unexpectedly

Why is this happening? Does svn+ssh use another port that I am not aware of?

Lampe answered 14/5, 2011 at 22:9 Comment(0)
9

Yes, you should be able to tunnel. I'm not sure if you're connecting to SVN when at work using something like this svn co http://..... or something like this svn checkout svn://......

I think you want to tunnel to either port 80 (if using over http), port 443 (if using https), or port 3690 if you're using just svn (not using Apache). So your command should look something like this

ssh -f [email protected] -L 3690:your.internal.svn.server:3690 -N

Then you should be able to check out/commit/update/etc from your localhost as though your localhost was the svn server.

The -f makes it go to the background so you don't see the terminal stuck at your public server's shell prompt when all you wanted it for was tunneling. The -N says to not execute a remote command.

Witchcraft answered 14/5, 2011 at 22:16 Comment(7)
I use svn co svn+ssh://ip/var/svn/project. If the open box's IP is 1.1.1.1 and the SVN server is 1.1.1.2, would I do ssh -f [email protected] -L 3690:1.1.1.2:3690 -N ? That still returns nothing when I try to check out using svn co svn+ssh://localhost/var/svn/project - Lampe
I think you'd want to use svn without the ssh in this case. Reason being that you are already tunneling to your company's network via ssh. However, if you did still want the ssh part I think you would probably need to forward ssh instead of the svn port. - Witchcraft
3690 is the svn port. Since you are doing the svn over ssh (the +ssh part) you will need to tunnel to ssh on your svn server. So I think what you want to try is ssh -f [email protected] -L 6000:1.1.1.2:22 -N. Then in your svn+ssh command you'll want to do this command svn+ssh://localhost:6000/repository/path/here/ - Witchcraft
This logically makes sense, but it appears my server isn't responding. I'll just wait till Monday when I am at work to figure out how to route my traffic. Thanks! - Lampe
You could always try to ssh without the svn part as a troubleshooting step. That should be easier to test as there are fewer pieces involved. - Witchcraft
When I SSH in I get a Connection closed by "ip". I think that's what is causing it to not work. Maybe SSH is closed over another SSH? - Lampe
Now, I can SSH into the open box, and then I can SSH into the SVN box. I tried using ssh [email protected] -L 22:1.1.1.2:22 to allow use of svn co svn+ssh://user@localhost/path but it fails to connect with error: svn: Network connection closed unexpectedly - Lampe
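
An added example (not part of the original posts) of a client-side ~/.ssh/config that lets svn+ssh reach the SVN box through the open box without binding local port 22. The alias names and OPENBOX_USER are assumed placeholders; user2 and the two addresses are the ones used in the question.

```sshconfig
# Added example for ~/.ssh/config on "My computer".
# openbox, svnbox, svnbox-tunnel and OPENBOX_USER are placeholders.

# The open box: the only host reachable from outside the closed network.
Host openbox
    HostName 1.1.1.1
    User OPENBOX_USER
    # Keep the local agent off the shared jump host.
    ForwardAgent no

# The SVN box, reached through the open box.
# ssh asks openbox to open a TCP channel to 1.1.1.2:22 and runs the SSH
# session to the SVN box inside it, so no local listening port is created
# and the SVN box's host key is verified from this machine.
Host svnbox
    HostName 1.1.1.2
    User user2
    # ProxyJump needs OpenSSH 7.3 or later. On older clients use:
    #   ProxyCommand ssh -W %h:%p openbox
    ProxyJump openbox
    ForwardAgent no

# Alternative that matches the -L approach from the comments above.
# Start the forward first, on an unprivileged local port:
#   ssh -f -N -L 6000:1.1.1.2:22 openbox
# Local ports below 1024 (such as 22) need root to bind and are usually
# already taken by a local sshd, so they are a poor choice for -L.
Host svnbox-tunnel
    HostName localhost
    Port 6000
    User user2
    # Look up and store the host key under the SVN box's address
    # instead of "[localhost]:6000".
    HostKeyAlias 1.1.1.2
```

With either alias defined, svn co svn+ssh://svnbox/path (or svn+ssh://svnbox-tunnel/path while the forward is running) works because Subversion runs ssh with the host part of the URL, and ssh resolves that alias through this file.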
0

We have the same in my company. Short of using VPN to access the "internal" network, your only option I can think of would be to punch a hole in the network to allow access to your specific box. We typically create a virtual IP address in NetScaler that points to the internal box to shield the internal box from "named" exposure.

I recommend working with your networking team to create this setup or if you don't have a network team, look into router settings to create this connection.

Tattoo answered 14/5, 2011 at 22:16 Comment(1)
See, my work is a tech team for a university, so I can essentially set up whatever I need. The perk of a small group of techs is that when we do develop for closed work, we can set up virtual machines however we want. No need to go through multiple people. I was hoping to try and get this to work without having to mess with any more server settings. Hopefully I can get it working soon. - Lampe
