ssh-agent, PKCS#12, and Subversion



I'm using openssh (OpenSSH_5.5p1, OpenSSL 0.9.8n 24 Mar 2010) on
Cygwin and I'm having trouble getting Subversion to work with
ssh-agent. I apologize if this is the wrong list to ask about this on,
but it appears to me to be an openssh issue, not Subversion.

I have Subversion working using an ssh+svn connection that requires a
certificate. The certificate is in PKCS#12 format. I want to add this
certificate to ssh-agent so I don't have to type my passphrase all the
time. Unfortunately the Subversion FAQ doesn't provide any details on
doing this. (http://subversion.apache.org/faq.html#ssh-auth-cache)

Attempting to directly add the certificate to ssh-agent results in an
endless "Bad passphrase, try again for certificate.p12" cycle. If I
extract the key and client certificate into separate files
(certificate & certificate.pub) I'm able to add them to ssh-agent, but
I find no configuration of the .subversion/servers file that causes
Subversion to act like the agent is there. Per the comments in the
servers file the ssl-client-cert-file entry must point to a PKCS#12
format file, so I can't just point at the PEM versions.

If anyone with expertise in openssh and/or subversion can help me get
this working I would greatly appreciate it.

Regards,
Steven


