Solution to possible SmartSVN’s SASL authentication problems

For svnserve, SASL is configured in the sasl section of conf/svnserve.conf, see below.

Depending on the Java Virtual Machine settings, high values for min-encryption may cause the authentication to fail. A solution is either to decrease this value or to upgrade the JVM to support the requested cipher strength.

Another cause for failures may be usage of too old JVMs. SASL authentication requires Java 1.5 or higher.

A working example

The conf/svnserve.conf file.
For details refer to here.

In /etc/sasl2 there are following files:

-rw-r--r-- 1 root root 49152 Apr 01 2009 sasldb_svn
-rw-rw-rw- 1 root root 135 Apr 01 2009 svn.conf

The /etc/sasl2/svn.conf is automatically read by svnserve (because it advertises itself as "svn").
Its list contains all possible mechanisms to use. When it comes to a handshake only those are used that satisfy svnserve.conf conditions (anonymous access support, encryption support, etc). Users and their passwords are validated against sasldb_svn database. A possible output of

# sasldblistusers2 /etc/sasl2/sasldb_svn

might look like: password
ivan@somewhereelse: password

Only alex has access to the repository with “” realm.

Using SmartSVN with a tunnelled SSH connection

Sometimes SVN servers are not directly accessible from the Internet, but hidden behind a corporate firewall. Using SSH tunnels is a way to allow access to such servers.

For such environments, the built-in SSH client of SmartSVN can’t be used as it requires direct access to the repository server. However, you can configure and use your system SSH to connect to such repositories.

The easiest way will be to use SSH’s ProxyCommand which can be configured in your .ssh/config file (details).

For my environment, I’m accessing our internal smartserver over the gateway gateway. So my configuration looks like:

Host gateway
 IdentityFile ~/gateway.ssh.key

Host smartserver
 ProxyCommand ssh gateway nc -w 1 smartserver 22
 IdentityFile ~/smartserver.ssh.key

I have stripped off the passwords from both private key files, so authentication requires no interaction (refer here for details). That’s an important step to avoid the OpenSSH password prompt or — even worse — get stuck, if that GUI-prompt does not work. Now I’m able to connect to smartserver via the gateway, simply by invoking:

ssh smartserver

In SmartSVN’s Repository Profiles I have set up following tunnel:

  • Name: ssh-gateway
  • Command: ssh
  • Parameters: ${host} ${svnserve}

In the Add Repository Profile wizard, I have entered URL svn+ssh://smartserver/repos/smartsvn and on the Details page, selected Tunnel set to ssh-gateway. That’s it!