It’s possible to control not only the way in which the client invokes ssh, but also the behavior of sshd on your server machine. In this section, we’ll show how to control the exact svnserve command executed by sshd, as well as how to have multiple users share a single system account.
To begin, locate the home directory of the account you’ll be using to launch svnserve. Make sure that the account has an SSH public/private keypair installed and that the user can log in via public-key authentication. Password authentication will not work, since all of the following SSH tricks revolve around using the SSH authorized_keys file.
If it doesn’t already exist, create the authorized_keys file (on Unix, typically ~/.ssh/authorized_keys). Each line in this file describes a public key that is allowed to connect. The lines are typically of the form:
ssh-dsa AAAABtce9euch... email@example.com
The first field describes the type of key, the second field is
the base64-encoded key itself, and the third field is a comment.
However, it’s a lesser known fact that the entire line can be preceded
command="program" ssh-dsa AAAABtce9euch... firstname.lastname@example.org
command field is
set, the SSH daemon will run the named program instead of the typical
tunnel-mode svnserve invocation
that the Subversion client asks for. This opens the door to a number
of server-side tricks. In the following examples, we abbreviate the
lines of the file as: