0

I need to allow certain members of my team to access an Ubuntu-based subversion repository that some of us have been using for more than a year. Unfortunately, my company has blocked port 22 outbound for some of these users (and won't unblock it) and so these people can't reach the repository over an encrypted channel. I think the easiest thing would be to set up an alternate protocol for these users (existing users can keep using svn+ssh on port 22 and blocked users can use svn+ssh_alt and connect via port 143 or 8080). But I'm totally confused about which ports to open and which applications need to listen on which ports. Can anyone suggest an answer?

Thanks!

  • minor correction. I think you mean destination ports of 22 are blocked. The port your own machine uses to connect to an ssh server i.e "outbound" will be a "high number port" typically 20000+ – Sirex Aug 13 '10 at 12:24

2 Answers2

1

Just add the following to your /etc/ssh/sshd_config file:

Port 22
Port 143
Port 8080

(the "Port 22" section is most likely already there)

Then your users can connect to any of those three ports to access the repository.

You'll also need to make sure that port 443 is allowed through the host firewall (if one exists).

EEAA
  • 109,363
  • 18
  • 175
  • 245
  • Looks good. Giving it a whirl now. I need to open a port on the svn server's router and restart sshd. I'll report back what happens and (hopefully) mark as answered. Thanks! –  Jun 26 '10 at 03:34
0

Although not the simplest solution another option to consider would be to configure webdav on apache and serve the SVN repository that way.

Add SSL and appropriate authentication and you've got a solution which doesn't require you to modify sshd config files. It's also much easier to manage clients long term than giving out different instructions to different users on how to access the repo based on their network setup.

rmyates
  • 411
  • 2
  • 3