3

System & connection details

I am using a 64-bit system running Windows 7. I have Open VPN and Tortoise SVN 64-bit installed.

The repository is in a remote system, and we connect using VPN.

What I have done so far

I have followed the necessary steps to initiate the VPN connection -

  • Added some project specific config files inside the config folder of the Open VPN installation path. Took these files from working setup of team members.
  • Initiated Open VPN connection using a user.
  • ran Putty's Pageant.exe, selected the .ppk file and entered the pass phrase.

Everything fine upto here.

Then I went to the local directory and tried to checkout the remote repository URL using Tortoise SVN. But it throws the following error -

Checkout Failed

To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.
Network connection closed unexpectedly

Following are contents of the [tunnels] section of my Subversion config file - 

### Section for configuring tunnel agents.
[tunnels]
### Configure svn protocol tunnel schemes here.  By default, only
### the 'ssh' scheme is defined.  You can define other schemes to
### be used with 'svn+scheme://hostname/path' URLs.  A scheme
### definition is simply a command, optionally prefixed by an
### environment variable name which can override the command if it
### is defined.  The command (or environment variable) may contain
### arguments, using standard shell quoting for arguments with
### spaces.  The command will be invoked as:
###   <command> <hostname> svnserve -t
### (If the URL includes a username, then the hostname will be
### passed to the tunnel agent as <user>@<hostname>.)  If the
### built-in ssh scheme were not predefined, it could be defined
### as:
# ssh = $SVN_SSH ssh
### If you wanted to define a new 'rsh' scheme, to be used with
### 'svn+rsh:' URLs, you could do so as follows:
# rsh = rsh
### Or, if you wanted to specify a full path and arguments:
# rsh = /path/to/rsh -l myusername
### On Windows, if you are specifying a full path to a command,
### use a forward slash (/) or a paired backslash (\\) as the
### path separator.  A single backslash will be treated as an
### escape for the following character.

Is this the section referred to in the error? I can't see any -q option there. What should be done now.

Note - I had posted the same question on Superuser too - https://superuser.com/q/295439/50101 . I did not get any answers there. Let me know if that should be deleted/closed.

Update
I tried with Smartsvn 6. While Openvpn gui is running and putty pageant is running, I selected "public/private-key authentication", selected the .ppk file and entered the pass phrase. I get this error - 

An error occurred while processing an SVN command 
File '\path\to\key-file.ppk' is not a valid OpenSSH DSA or RSA private key file.

Any ideas? Why this error? How could this be fixed or any pointers? Teammates have a 32-bit system running Windows xp and they are able to checkout. Whereas me and another new member have a 64-bit system running Windows 7, facing the same problem.

Further Details
The repository URL used to take checkout is like svn+ssh://@...com/var/svn/reposito‌​ries//

Teammates never generated any further keys or anything. They simply put some files into their open VPN config folder (some .ppk, .key, .crt and some open vpn config files).

Update 3
While generating RSA/DSA key using puttygen, there are 3 options under "type of key to generate" -> 1. SSH-1(RSA) 2. SSH-2 RSA 3. SSH-2 DSA. I selected SSH-1(RSA). clicked on save private key. Then again followed the same steps to take checkout. I also selected Tortoise SVN-> settings-> Network -> SSH Client -> browsed the pageant.exe file there. Still unsuccessful with checkout-> prompts "Couldn't load this key (unable to open file)" and then the same error - 

To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file.
Network connection closed unexpectedly

Update 4
One new teammate (working on exactly a system, 64-bit running windows 7, same as me) has successfully checked out from the remote server. Please check this question for further details Proper way to debug SVN+SSH checkout over VPN failure? How to compare with a working setup?

Zoe
  • 27,060
  • 21
  • 118
  • 148
Sandeepan Nath
  • 9,966
  • 17
  • 86
  • 144
  • 1
    How is the repository actually stored? Can we have a look at the URL? It seems strange to have to use SVN+SSH on top of a VPN. – artbristol Jun 13 '11 at 08:42
  • @artbristol - The repository URL used to take checkout is like svn+ssh://@...com/var/svn/repositories// Other members of the team (using a 32-bit system running windows xp) are able to checkout. – Sandeepan Nath Jun 21 '11 at 06:38
  • Any pointers guys? Please say something... this silence is killing me ... :) – Sandeepan Nath Jun 23 '11 at 13:36
  • ppk points to a key that was created/used with putty? You need to convert that key to be a proper RSA/DSA key – mkro Jun 24 '11 at 17:54
  • @mkro could you please elaborate this with respect to the files I am having - some .ppk, .key, .crt and some open vpn config files – Sandeepan Nath Jun 27 '11 at 13:01
  • @artbristol - please check my question http://stackoverflow.com/questions/6776118/proper-way-to-debug-svnssh-checkout-over-vpn-failure-how-to-compare-with-a-work – Sandeepan Nath Jul 21 '11 at 12:38

2 Answers2

2

As stated by mkro, the .ppk certificate is unique to Putty. Putty has a very handy tool for going back and forth between DSA, RSA, and PPK certificates, which you can download here. Just about every tool you'll use (other than Putty) that establishes SSH connections will use either a DSA or a RSA key-pair.

If you're on Linux, you can either download the putty source packages and build it yourself to get a copy of puttygen, or if you're on a distribution that provides a package manager, you can try to install it. For example, on Ubuntu, you would do:

$ sudo apt-get install putty-tools
$ puttygen <your.ppk> -O private-openssh -o <whatever you want to name it>
TkTech
  • 4,729
  • 1
  • 24
  • 32
  • @TkTech, @mkro - I am using Putty on a Windows 7 system. Right now I have the ppk files taken from working setup of teammates. So do I still need to convert to RSA/DSA keys? I don't think we need to ask the people managing the SVN server to send us some keys. Am I correct to assume that whatever needs to be done now is to be done on our local setup, right? – Sandeepan Nath Jun 27 '11 at 07:25
  • 1
    yes, you do need to convert the keys. I cannot answer whether everything you need to change is local, but please go ahead and try to convert the keys first. – mkro Jun 27 '11 at 19:48
  • @mkro - I have no idea of what I did but like you said, I tried converting the same ppk file which my teammates are using to connect using putty. Putty->Load an existing private key file -> Load -> entered the passphrase for the file -> then it gives option to save private key and public key files. Am I on the right track? My teammates did not have to do all this. Also, with my limited knowledge of public/private key encryption in practice, I am not able to see which way it is going... – Sandeepan Nath Jun 28 '11 at 06:41
  • hm, wait a minute: Do i understand correctly that your teammates can use the ppk-keys to access the repository but it does not work for you? If so, what are your teammates doing differently? Can you find out what configuration they use? – mkro Jun 28 '11 at 22:02
  • @mkro - you got it right... AFAIK, only difference - ours - windows 7 on 64 bit, theirs - windows xp on 32 bit. What other configurations shall I check for? – Sandeepan Nath Jun 29 '11 at 07:30
  • It's really hard to tell from here. Are you sure, that you can setup vpn/ssh connections to the actual subversion server? Have you tried, what the last error message suggests (remove the -q)? – mkro Jun 29 '11 at 19:09
  • @mkro - vpn connection is working fine. How do I check ssh connection to the actual subversion server? Please check my question http://stackoverflow.com/questions/6776118/proper-way-to-debug-svnssh-checkout-over-vpn-failure-how-to-compare-with-a-work – Sandeepan Nath Jul 21 '11 at 12:36
0

Finally solved the issue myself! I should have run OpenVPN GUI as administrator.

I did this and it worked -

Start Menu -> Right click on "OpenVPN GUI" from program list -> rest all is same, select a profile and click connect (OpenVPN).

How I did it
I tried installing different versions of OpenVPN and one time kept the checkbox checked, which says "Open Read me". And it opened the readme and there was something written like "While using Windows Vista you need to run OpenVPN GUI as administrator". I thought let me try this too, although I am using a Windows 7 system, and it worked! What a relief. Hope this is going to help others.

Sandeepan Nath
  • 9,966
  • 17
  • 86
  • 144