How can I set proxy for subversion with ssh tunnel?

You are using SSH to set up a local SOCKS server that tunnels to your SSH server. You mention that your reason for doing that is that "local connection is slow" but I fail to see how tunneling to a SSH server will make it faster.

Anyway, your problem is that Subversion can connect through a HTTP proxy or an SSH tunnel, but it has no idea about SOCKS. So you need to SOCKSify Subversion by capturing all its TCP connects and redirecting them to the SOCKS proxy.

Instead of paraphrasing those who have done it before, I'll point you to their detailed explanations :

• http://blog.yimingliu.com/2009/03/05/ssh-subversion-through-socks-proxy-on-mac-os-x/
• http://sites.google.com/a/gapps.oxuni.org.uk/oliver/Home/Teleworking

Or in a nutshell mostly cut'n'pasted from Oliver's page :

Debian contains two socksifiers that are also available on sourceforge. The most recently updated one is ProxyChains, and it's quite straightforward to configure. Most socksifiers work in a similar fashion so these instructions should be a reasonable general case. To configure ProxyChains you just need to edit $(HOME)/.proxychains/proxychains.conf to have only the following lines:

DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000
[ProxyList]
socks5 127.0.0.1 8090
# NB: for some reason 'localhost' doesn't work in the above line

All you then need to do is 'wrap' svn in ProxyChains.

proxychains svn commit

In the above example, the svn application was none the wiser that its TCP connects to the Subversion server were redirected down your SOCKS proxy."

Posting here, as I found a less kludge-y way to do this. You can use Polipo to use your SSH SOCKS tunnel over HTTP proxy, by adding following lines to its configuration:

socksParentProxy = "localhost:8090"
socksProxyType = socks5

polipo by default listen on port 8123. And then in $HOME/.subversion/servers create a group for subversion hosts you want to check out from, e.g. if your subversion repository host(s) are named proj1.svn.domain.tld, proj2.svn.domain.tld, etc., then add following to [groups] section:

[groups]
domain = *.svn.domain.tld

And finally specify a proxy configuration for the group of the hosts you just added by adding a block for the group:

[domain]
http-proxy-host=localhost
http-proxy-port=8123

After this you should be able to operate on repository normally, as you used to work without SSH tunnel.

HTH

I don't know about tunnelling with ssh -D but using something like

ssh -L8090:svn.server.com:22 [email protected]

You can then do tunnelling by adding a new protocol to subversion with the particular port that the tunnel is on. So, in ~/.subversion/config add a line like

pssh = ssh -p8090

in the [tunnels] section and then instead of svn+ssh://[email protected] use svn+pssh://user@localhost

If you have an existing working copy you can use

svn switch --relocate svn+ssh://[email protected] svn+pssh://user@localhost

to switch the address the working copy is linked with without having to do a new checkout.

Look at default configuration files at ~/.subversion/ There're many useful examples commented out. Proxies would be set up in ~/.subversion/servers

There are occasions when it's required on Windows PC to get svn+ssh connection to SVN repository through socks proxy server. This problem can be resolved with Putty which provides SSH functionality and can work with different proxy types. Proposed solution does not require local port forwarding.

1. Launch putty and create a session (e.g. socks_proxy)
2. Configure ONLY proxy for the session (Connection->Proxy) where it's required to submit Proxy hostname and Port. Putty works with selection of different proxy types including both SOCKS4 and SOCKS5. Optionally you can provide user name and password for proxy access.
3. Save the session. Please remember that session will have no configured Host Name for connection.
4. Open SVN configuration file Application Data\Subversion\config and locate section [tunnels]
5. Put additional SVN protocol description below section title: ssh=PATH_TO_PLINK/PLINK.EXE -load socks_proxy. Actually protocol name is your choice so you can choose any name if ssh is already used (e.g. use pssh= instead of ssh=).
6. Configure key for SSH access to target server where SSH will be used to run svnserve. It's recommended to use pageant to maintain keys.
7. Use svn for svn+ssh access. User name should be passed in URL - svn ls svn+protocol_name://username@server/repository where protocol name should be substituted with real name used in [tunnels] section of SVN configuration.

What's it - SVN will use protocol name to detect that plink.exe should be used for connection and plink will use session name socks_proxy to identify that proxy is present. Remember that PATH_TO_PLINK should be entered with slash, not with backslash. Example for occasion when plink.exe is located in folder C:\Program Files\Putty : ssh=C:/Program Files/Putty/PLINK.EXE -load socks_proxy.

You might give tsocks a try. With tsocks, you configure it to use the SOCKS proxy SSH sets up then run svn like so:

tsocks svn co {etc...}