SVN+SSH Tunneling - Checking Out Files in Editor


I have a project that is source controlled through SVN on a private server that I own. I have a team of about 20-30 users that need access to the SVN. I have the access figured out by using SSH key authentication through one master SVN account on the server. The tunneled user shows up as the team member’s name when they commit through Tortoise and it works great.

The way the repository is organized is that in the main trunk I have an Engine folder which is the compiled release build off of GitHub and my project directory as well as an Assets folder which holds uncompressed art assets.

The problem comes in when users try to check out files within the Editor using the built-in SVN source control. I followed the answer submitted by muchcharles on another thread linked (here) and got the editor to recognize the connection with source control however because the access is managed by one user account I think it doesn’t quite understand who is checking out what. Every time that I attempt to checkout an asset within the editor, it gives an error (Unable to check out file) and then proceeds to lock the asset with the correct tunneled user name; however with a blue check and a lock. The only work around that I’ve been able to figure out is to make the file writable and then commit via Tortoise but that kinda defeats the purpose.

Thoughts anyone?

The way I have it setup is multiple users on the svn host, and then they are all in a unix group that has write permissions on the repository. Make sure you follow svn instructions on using the “sticky” bit on the repo to preserve the group permissions.

I’ll give that a try soon and get back to you. Unfortunately I have to do a Windows reformat first. lol derp

One thing I was trying to avoid was handing out passwords though it’s really not that big of a deal honestly… I would rather have Unreal work properly than having users complain about forgetting a password.

You can avoid passwords by getting public keys from the users. It is usually more secure to disable password authentication anyway and only use key based. You basically copy their public key into their .ssh/authorized_keys and then they can log in without a password.

Thanks so much! It works mostly about 90% of the time now. Lol

I’m curious if anyone has made any progress on this issue? We attempted to set up SVN over SSH from Unreal, and we ran into the same behavior as the original poster. Specifically:

  1. We’re able to establish a connection to SVN over SSH from the Unreal editor
  2. We’re able to create a new asset, mark it for add, and then commit it
  3. But we are never able to check out a file successfully, and when we attempt to the file is left in a locked state but with a blue checkmark.

We are currently on Unreal 4.15.3. Is SSH tunneling not officially supported? When we use HTTPS everything works fine.

Yea so what we did to solve the issue was to do what muchcharles suggested which was to give each user their own account on the server and have them share the same group which had ownership of the repo. This allowed users to login and checkout and check in files in the editor but it required them to run putty on each machine with that user’s credentials. We also had to setup an environment variable of SVN_SSH with a path to the plink exe… I can’t remember if we used tortoise’s plink or putty’s but at the end of the day it worked after much headache. There’s a blog out there that has the code snippet you need to put in the authorized keys file to get the tunneling to work. I’ve actually lost the command list because of stupid computer issues but we ended up going back to using the HTTPS protocol for a variety of reasons. Most notably of such being that it’s easier on our users and admins since they kept losing their key files and we had to keep regenerating them. We were just spending way to much time on that one issue that on the next project we avoided it completely. Secondly, with the right precautions in place, there isn’t much difference in security that we’ve found. An A+ rating on ssl labs pretty much covers the basics of what you need to protect the data coming in and out. Finally, the overhead required for the tunneling to work was tremendous compared to the speed over https… Basically if too many users tried to commit too many files at once, the server would get overloaded and start issuing 500 errors which would fail the commit. With https, we haven’t had that issue at all. Just some food for thought to take back to your boss or whoever. If you are required to use the tunneling, I hope you get it working with these tips but I highly suggest to go with the system that works already and just harden that up. Hope this helps. :slight_smile:

The speed problem with SSH is because plink uses a fixed window size. It will get even worse the higher the ping people have.

I posted details here on how to modify the source to increase the window size:

The other alternative is if you use svn through the windows subsystem for linux you won’t have the window size issue. But I don’t think you will be able to use the UE4 GUI or the Tortoise SVN GUI in that case without figuring out how to pipe things around.

HTTPS like you went with is probably less of a headache for 95% of users.

That’s fascinating! How do y’all even find that out about programs in the first place… Geez lol