Updating A Remote Subversion Workspace With Password-less Authentication

June 21, 2007

This tutorial will show you how to execute a command on a remote server using password-less authentication.

This particular example demonstrates updating a remote subversion (svn) workspace, though it can easily be adapted to any command you may require.

I’ve layered it into 4 steps- the final step being what I consider the most elegant and optimized solution to the problem.

1) Instead of actually logging into the remote machine with a full ssh session, simply execute the ’svn up’ command from a local cygwin shell. You will be prompted for your password and then the command will execute:

Administrator@MYLOCALDESKTOP ~ $ ssh myusername@remotemachine.com svn up /cygdrive/c/data/webroot/projects/clientname myusername@remotemachine.com's password: At revision 401.

2) This is an awfully long command to type in each time I want to run it so I will alias the command to something short and easy to remember by adding the following line to the .bashrc file in my cygwin home directory (in my case “/home/Administrator” which also corresponds to “C:\cygwin\home\Administrator”). You can add it to the other aliases you will find in there:

alias update_clientname='ssh myusername@remotemachine.com svn up /cygdrive/c/data/webroot/projects/clientname'

To get this alias to take effect immediately I source the .bashrc file using this command:

Administrator@MYLOCALDESKTOP ~ $ . .bashrc

And now when I execute the aliased command I get:

Administrator@MYLOCALDESKTOP ~ $ update_clientname myusername@remotemachine.com's password: At revision 401.

3) I could stop here as entering my password is an easy enough thing to do each time, but since I’m going to be running this command frequently and always from the same machine, I want to set things up so the command (or any other command) can be run without a password. This requires generating 2 keys- 1) a “public” key that will be stored locally and 2) a “private” key that will be stored on the remote machine.

a) Generate the key pair without a passphrase:

Administrator@MYLOCALDESKTOP ~ $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/Administrator/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/Administrator/.ssh/id_rsa. Your public key has been saved in /home/Administrator/.ssh/id_rsa.pub. The key fingerprint is: [omitted] Administrator@MYLOCALDESKTOP

b) Use ssh to create a directory ~/.ssh as user myusername on remotemachine.com. (The directory may already exist, which is fine):

Administrator@MYLOCALDESKTOP ~ $ ssh myusername@remotemachine.com mkdir -p .ssh The authenticity of host 'remotemachine.com (11.22.33.44)' can't be established. RSA key fingerprint is [omitted]. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'remotemachine.com,11.22.33.44' (RSA) to the list of known hosts. myusername@remotemachine.com's password:

c) And finally, I will use ssh to copy my freshly generated public key to a file in the new remote directory:

Administrator@MYLOCALDESKTOP ~ $ cat .ssh/id_rsa.pub | ssh myusername@remotemachine.com 'cat >> .ssh/authorized_keys2' myusername@remotemachine.com's password:

VOILA! My aliased command (or any other command I wish to execute on the remote machine) can be executed without a password:

Administrator@MYLOCALDESKTOP ~ $ update_clientname At revision 401.

4) To make this even more versatile, I can use a function instead of an alias in the .bashrc file. The function will take the name of the workspace I want to update as an argument. This way I don’t have to write a new alias for every workspace:

remotesvn_up () { ssh myusername@remotemachine.com svn up /cygdrive/c/data/webroot/projects/$@ ; }

Source the .bashrc file to make the new command take effect:

Administrator@MYLOCALDESKTOP ~ $ . .bashrc

And now my more generalized command can go to work:

Administrator@MYLOCALDESKTOP ~ $ remotesvn_up clientname At revision 401.

Bookmark to: