Question

I can't figure out how to create public / private keys for other users on my server. On my server, I type the following through the shell

(uiserver):john:> ssh-keygen -t dsa

After that, I enter the filenames and password, which successfully results in a private key and public key pair for "john". Now when I use this key to ssh into my subversion repository (sitting on john), all actions are logged as "john". That's perfect.

So next, I want to create a public/private key pair for "george" so he can access my server. I repeated the ssh-keygen from my server. Then I gave the private key to George. George successfully installed the key, but every time he performs an action in the svn repository, subversion logs his actions as "john" instead of "george". How do I get subversion to recognize the difference between "george" and "john"?

I looked in authorized_keys2 and I noticed that the final comment for both keys is "john@uiserver". I tried editing the comment, but subversion still can't recognize the difference between george and john.

Additional Detail

I have a half-working solution based on Juliano's answer. I went to "david" machine (linux), made the prv/pub keys, attached pub key to john's authorized_keys2. Perfect! SVN is logging david's changes as david.

I went to "george" machine (windows xp), used puttygen to create prv/pub keys, attached pub key to john's authorized_keys2. George can access svn, but all his changes are still logged as john. I am trying bojo's tunnel solution as soon as I figure out where to configure it in TortoiseSVN.

ANSWER

I used option 2 of bojo's answer. In the end, all I needed to do was add the following line to my authorized_keys2

command="svnserve -t --tunnel-user=george",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss <george's long public key> == meaningful comment

I also added the line

george=george's password

to /pathtorepository/conf/passwd, my subversion password file.


Solution

Check the instructions on how to use the --tunnel-user command here at the svn manual. I imagine the reason George is showing up as John is because you aren't telling the ssh session which user it is, so it's defaulting to John's account.

To clarify, the original poster has two options.

  1. Create a new user account for George. This assumes he has super user access.
  2. Generate the second key (ideally George does this), append to the John account's .ssh/authorized_keys file, and add the above linked commands to the .ssh/authorized_users file as described. The link also describes how to limit the additional user's access to the John account.
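
An added example, not part of the original question or answers: a Python audit of the shared account's authorized_keys file that reports which svn user each key is forced to via `svnserve -t --tunnel-user=`, and flags keys with no forced command or without the forwarding restrictions used in the question's final entry. The sample file contents, comments and key blobs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Restrictions used in the question's entry; OpenSSH's "restrict" option implies them.
LOCKDOWN = {"no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: name, optional ="quoted value" (may hold commas/spaces), then "," or blank.
OPTION = re.compile(r'([\w-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|\s+)')

def parse_entry(line):
    """Split an authorized_keys line into (options dict, key type, comment)."""
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError(f"unparseable entry: {line[:40]!r}")
        opts[m.group(1)] = m.group(2)
        pos = m.end()
    fields = line[pos:].split(None, 2)
    return opts, fields[0], fields[2] if len(fields) > 2 else ""

def audit(text):
    """Return [(line_no, svn_user_or_None, problem_or_None)] for each key."""
    report = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts, _, _ = parse_entry(line)
        cmd = opts.get("command") or ""
        m = re.search(r"svnserve\s+-t\b.*?--tunnel-user=(\S+)", cmd)
        missing = LOCKDOWN - set(opts)
        if m is None:
            report.append((n, None, "no forced svnserve: shell access, commits logged as account owner"))
        elif "restrict" not in opts and missing:
            report.append((n, m.group(1), "missing: " + ",".join(sorted(missing))))
        else:
            report.append((n, m.group(1), None))
    return report

# Constructed sample for the shared "john" account; key blobs are placeholders.
SAMPLE = """\
ssh-dss AAAAB3PLACEHOLDERJOHN john@uiserver
command="svnserve -t --tunnel-user=george",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3PLACEHOLDERGEORGE george laptop
command="svnserve -t --tunnel-user=david",no-port-forwarding ssh-rsa AAAAB3PLACEHOLDERDAVID david@linuxbox
"""

if __name__ == "__main__":
    for line_no, user, problem in audit(SAMPLE):
        print(line_no, user or "(account owner)", problem or "ok")
```
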

OTHER TIPS

Then I gave the private key to George.

Private keys are called private for a reason. They are never intended to be transferred this way. George should create his own key pair, in his own user environment. But this is not related to the problem you are experiencing. Keys are just prime factors of a really big number (oversimplified for easy understanding). User identity is not part of the key, but a "label" that is attached to the key, that SSH doesn't make a lot of use of.

From your description, you are asking George to log to John's account through SSH. What determines the user that is logged in SVN actions is not related to the key pair used for authentication in any way, but to the user that is really being logged to.

So, George must have his own account login to the SVN server, the repository must be shared by both accounts, and George must use his own credentials to login to the server.

John's URL: svn+ssh://john@svn-server/path/to/repo

George's URL: svn+ssh://george@svn-server/path/to/repo

Is this related to this SO question, pointing to the blog entry "svn over ssh prompts for the wrong username"?

The solution there was to create a config file in george's .ssh directory and put the following in it:

Host uiserver
User george

You can give a try using:

ssh-keygen -C "george"
Licensed under: CC-BY-SA with attribution