SSH Public Key Auth

This setup enable users to log in to remote machine without having to enter their password.

On local machine, generate public/private key pair:

ssh-keygen -t rsa

or use PuTTYgen

Send to remote machine:

cat ~/.ssh/id_rsa.pub | ssh user@domain "cat - >> ~/.ssh/authorized_keys"

or

scp ~/.ssh/id_rsa.pub user@domain:~/.ssh/authorized_keys

or use WinSCP

Note: when generating public keys using puttygen, reorganize the file content:

ssh-rsa <pub key string> user@domain
# in one line

<pub key string> is:

--- BEGIN ...
Comment: ...
<pub key string>
--- END ...

Set permission:

chmod 600 ~/.ssh/authorized_keys

To login from local machine:

ssh user@domain
# automatically logged in, no password prompt

or using PuTTy:

  • Connection > Data > Auto-login username: user
  • Connection > SSH > Auth > Private key file: *.ppk file generated by puttygen

Extra, SSH server configuration tweak (change those config values).

vim /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no

Trac on Fedora

This is multiple projects installation, a continuation from previous posts.

Install required packages:

yum install trac mod_wsgi

Software: Trac 0.11.7, mod_wsgi 2.3

Trac folder: /var/svn/trac
Python eggs cache dir: /tmp/egg-cache

Create new trac environment

trac-admin /var/svn/trac/testproj initenv
  Project Name > Test Project
  Database connection string > [sqlite:db/trac.db]
  Repository type > [svn]
  Path to repository > /var/svn/repos/testproj

Create wsgi script

vim /var/svn/trac/trac.wsgi
#!/usr/bin/env python
import os
def application(environ, start_request):
  os.environ['TRAC_ENV_PARENT_DIR'] = '/var/svn/trac'
  os.environ['PYTHON_EGG_CACHE'] = '/tmp/egg-cache'
  from trac.web.main import dispatch_request
  return dispatch_request(environ, start_request)

Apache mod_wsgi settings

vim /etc/httpd/conf.d/trac.conf
# comment all settings in /etc/httpd/conf.d/wsgi.conf
LoadModule wsgi_module modules/mod_wsgi.so
WSGIScriptAlias /trac /var/svn/trac/trac.wsgi
<Directory /var/svn/trac>
  WSGIApplicationGroup %{GLOBAL}
  Order deny,allow
  Allow from all
</Directory>
<LocationMatch "/trac/[^/]+/login">
  AuthType Digest
  AuthName "Project Repository"
  AuthUserFile /var/svn/auth
  Require valid-user
</LocationMatch>

Grant administration right to admin user (trac>=0.11)

trac-admin /var/svn/trac/testproj permission add user1 TRAC_ADMIN

Set ownership

chown -R apache.apache /var/svn

Reload apache

service httpd reload

View list of projects – http://localhost/trac

Apache + SVN on Fedora

Create SVN repo, accessible from network, all users can read & checkout, certain users can write / commit

Software: Apache 2.2.11, Subversion 1.6.6, mod_dav_svn 1.6.6

File & folder:

/var/svn/
/var/svn/auth – authentication file
/var/svn/repos/ – project repositories

Install mod_dav_svn

yum install mod_dav_svn svn

Create SVN repo (refer previous post)

svnadmin create --fs-type fsfs /var/svn/repos/testproj

Create authentication file

htdigest [-c] <auth file> <realm> <username>
htdigest -c /var/svn/auth "Project Repository" user1

c – create file (exclude this flag when adding users)

Setup Apache + mod_dav_svn

vim /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn>
  DAV svn
  SVNParentPath /var/svn/repos
  SVNListParentPath On
  AuthType Digest
  AuthName "Project Repository"
  AuthUserFile /var/svn/auth
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

Change ownership of the whole svn repo dir

chown -R apache.apache /var/svn

Note: Re-assign the ownership everytime you create a new repo

Lastly, reload apache

service httpd reload

View list of projects – http://localhost/svn
View contents of particular (myproj) project – http://localhost/svn/myproj

Using SVN

My notes on how to use subversion from command line.

Assumptions:

Project dir: ~/Projects/myproj
SVN temp layout dir: /tmp/svn
SVN repos: /var/svn/repos

Create repo

mkdir -p /var/svn/repos
svnadmin create --fs-type fsfs /var/svn/repos/myproj

Import project

svn import <local dir> <repo>
mkdir -p /tmp/svn/trunk /tmp/svn/tags /tmp/svn/branches
svn import /tmp/svn file:///var/svn/repos/myproj -m "Initial import" 
svn import ~/Projects/myproj file:///var/svn/repos/myproj/trunk -m "Initial project import"

for local repo – file:/// …
for network repo – http:// …

Check out

svn checkout|co <repo> [working copy]
svn checkout file:///var/svn/repos/myproj ~/Projects/myproj
svn co file:///var/svn/repos/myproj/trunk
# will auto checkout to folder 'myproj' in current dir
# that folder is called 'working copy' dir

Review changes

svn status
# in working copy dir

Add files

svn add <folder|file>

Delete file/folder

svn delete <folder|file>
svn delete file:///var/svn/repos/myproj/trunk/file.txt 
# also can delete file in repo, not only in working copy

Commit

svn commit -m "Log message"
# in working copy dir

Update

svn update (in working copy dir)

Tagging projects

svn copy <repo> <repo tag dir>
svn copy file:///var/svn/repos/myproj/trunk file:///var/svn/repos/myproj/tags/0.1 -m "Version 0.1"

Export (for release)

svn export <repo>
svn export file:///var/svn/repos/myproj/tags/0.1
# will export to folder 'myproj'  in current dir