Installing Oracle Enterprise 11g R2

Tested with: Fedora 18 / 19

Based on:

http://www.oracle-base.com/articles/11g/oracle-db-11gr2-installation-on-fedora-17.php

http://www.habitualcoder.com/?p=248

A. Get the files:

http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

B. Install required packages:

#---
yum -y install \
ksh \
xterm \
unzip \
binutils \
compat-libstdc++-33 \
compat-libstdc++-33.i686 \
elfutils-libelf \
elfutils-libelf-devel \
gcc \
gcc-c++ \
glibc \
glibc.i686 \
glibc-common \
glibc-devel \
glibc-headers \
glibc-devel.i686 \
ksh \
libaio \
libaio.i686 \
libaio-devel \
libaio-devel.i686 \
libgcc \
libgcc.i686 \
libstdc++ \
libstdc++.i686 \
libstdc++-devel \
make \
numactl \
numactl-devel \
sysstat \
unixODBC \
unixODBC.i686 \
unixODBC-devel \
unixODBC-devel.i686 \
glibc-static.x86_64 \
glibc-static.i686
#---

C. Prepare environment:

1. Create user and groups:

#---
groupadd oinstall
groupadd dba
groupadd oper
groupadd asmadmin

useradd -g oinstall -G dba,oper,asmadmin oracle
#---

2. Create directories:

#---
mkdir -p /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01
chmod -R 775 /u01
#---

3. Mimic a Red Hat box:

#---
cp /etc/redhat-release /etc/redhat-release.orig.`date +"%Y-%m-%d"`
#---

#---
cat > /etc/redhat-release << __END__
redhat release 5
__END__
#---

4. Set up kernel parameters:

#---
cat >> /etc/sysctl.conf << __END__
########################################
# Oracle setup
########################################
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
########################################
__END__
#---

5. Add security resource limits for oracle user:

#---
cat >> /etc/security/limits.conf << __END__
########################################
# Oracle setup
########################################
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
########################################
__END__
#---

6. Add limits to PAM:

#---
cat >> /etc/pam.d/login << __END__
########################################
# Oracle setup
########################################
session required pam_limits.so
########################################
__END__
#---

7. Disable SELinux

Edit /etc/selinux/config and set it to (you need to reboot to take effect):

SELINUX=disabled

D. Preprare remote access to your X11 session:

http://gka-linux.blogspot.com.br/2013/07/enabling-remote-x11-access.html

E. Setup the oracle user:

1. Become oracle:

#---
su - oracle
#---

2. Setup the environment variables:

#---
cat >> ${HOME}/.bash_profile << __END__
########################################
# Oracle setup
########################################
export TMP=/tmp
export TMPDIR=/tmp

export ORACLE_HOSTNAME=localhost
export ORACLE_UNQNAME=orcl
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=\${ORACLE_BASE}/product/11.2.0/db_1
export ORACLE_SID=orcl
export ORACLE_TERM=xterm
export ORACLE_INSTANT_CLIENT=/usr/lib/oracle/11.2/client64
export PATH=\${ORACLE_HOME}/bin:\${PATH}:/usr/sbin:\${HOME}/.local/bin:\${HOME}/bin:\${ORACLE_INSTANT_CLIENT}/bin

export LD_LIBRARY_PATH=\${ORACLE_HOME}/lib:/lib:/usr/lib:\${LD_LIBRARY_PATH}:\${ORACLE_INSTANT_CLIENT}/lib
export CLASSPATH=\${ORACLE_HOME}/JRE:\${ORACLE_HOME}/jlib:\${ORACLE_HOME}/rdbms/jlib:\${ORACLE_INSTANT_CLIENT}/lib

if [ oracle = "oracle" ]; then
if [ /bin/bash = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
######################################## 
__END__
#---

2.1. For any developer user you might need to add the following to their environment:

#---
cat >> ${HOME}/.bash_profile << __END__
########################################
# Oracle setup
########################################
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=\${ORACLE_BASE}/product/11.2.0/db_1
export ORACLE_SID=orcl
export ORACLE_INSTANT_CLIENT=/usr/lib/oracle/11.2/client64
export PATH=\${ORACLE_HOME}/bin:\${PATH}:/usr/sbin:\${HOME}/.local/bin:\${HOME}/bin:\${ORACLE_INSTANT_CLIENT}/bin

export LD_LIBRARY_PATH=\${ORACLE_HOME}/lib:/lib:/usr/lib:\${LD_LIBRARY_PATH}:\${ORACLE_INSTANT_CLIENT}/lib
export CLASSPATH=\${ORACLE_HOME}/JRE:\${ORACLE_HOME}/jlib:\${ORACLE_HOME}/rdbms/jlib:\${ORACLE_INSTANT_CLIENT}/lib
######################################## 
__END__
#---

3. Make profile effective:

#---
source $HOME/.bash_profile
#---

3.1. Check it, if not effective, logout and in again

#---
echo $ORACLE_SID
#---

Expected:
orcl

F. Install:

1. Unzip packages, which I assume are in the $HOME from oracle user:

#---
unzip linux.x64_11gR2_database_1of2.zip
unzip linux.x64_11gR2_database_2of2.zip
#---

2. Run install script:

2.1. Do NOT forget to allow the oracle host to connect remotely to your X11

xhost +<oracle host>

2.2. Do NOT forget to export the DISPLAY variable:

export DISPLAY=<Host running X11>:0.0

2.3. If it is the same host:

On your REGULAR account:
#---
xhost +localhost
#---

On the ORACLE user shell:
#---
export DISPLAY=localhost:0.0
#---

2.4. Install

#---
cd database
./runInstaller
#---

3. It will fail in 2 situations, follow instructions at:

http://www.habitualcoder.com/?p=248

G. Post install:

1. Restore /etc/redhat-release to the original value: 

#---
# It only works if you did C.3. on the same date as the restore
cp /etc/redhat-release.orig.`date +"%Y-%m-%d"` /etc/redhat-release
#---

2. Execute the post install scripts:

#---
/u01/app/oraInventory/orainstRoot.sh
/u01/app/oracle/product/11.2.0/db_1/root.sh
#---

3. Edit /etc/oratab to the following:

orcl:/u01/app/oracle/product/11.2.0/db_1:Y

4. Start Oracle (as oracle):

Listeners:
#---
lsnrctl start
#---

Database:
#---
sqlplus / as sysdba << EOF
STARTUP;
EXIT;
EOF
#---

Jira and Confluence - Backup

This is a follow-up from my previous post about how to install and configure Jira and Confluence.

Backing everything up:

Create the backup directory:
#---
mkdir -p /var/local/atlassian-bkp/
chmod 750 /var/local/atlassian-bkp/
#---

Create the backup script:
#---
cat > /var/local/atlassian-bkp/atlassian_bkp.sh << __END__
#!/bin/sh
#
# Author: Gustavo Kuhn Andriotti
# Date: 2010.03.17
#

####
## Needed variables, you should edit only this
####

## general
BACKUP_DIR="/var/local/atlassian-bkp/"
DATE=\`date --utc +%Y%m%d-%H%M%S\`
LOG_FILE="\${BACKUP_DIR}/bkp-\${DATE}.log"

## JIRA
JIRA_DIR="/var/local/atlassian/jira/"
JIRA_DB="jiradb"
JIRA_USER="jirauser"
JIRA_PASS=""
## Confluence
CONFLUENCE_DIR="/var/local/atlassian/confluence/"
CONFLUENCE_DB="confluencedb"
CONFLUENCE_USER="confluenceuser"
CONFLUENCE_PASS=""

## services
STOP_TOMCAT="Y"
STOP_MYSQL="N"

####
## Stop relevant services
## You may not want to do this
####

echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting backup" > \${LOG_FILE}

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping Tomcat" >> \${LOG_FILE}
service tomcat5 stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat stopped" >> \${LOG_FILE}
fi
## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping MySQL" >> \${LOG_FILE}
service mysqld stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Stopped" >> \${LOG_FILE}
fi

####
## Backup databases
####

## General
mkdir -p \${BACKUP_DIR}

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${JIRA_DB}-\${DATE}.gz"
mysqldump -B \${JIRA_DB} -u \${JIRA_USER} -p\${JIRA_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## CONFLUENCE
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${CONFLUENCE_DB}-\${DATE}.gz"
mysqldump -B \${CONFLUENCE_DB} -u \${CONFLUENCE_USER} -p\${CONFLUENCE_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Backup files
####

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${JIRA_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${JIRA_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## Confluence
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${CONFLUENCE_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${CONFLUENCE_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Start services if they were stopped
####

## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting MySQL" >> \${LOG_FILE}
service mysqld start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Started" >> \${LOG_FILE}
fi

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting Tomcat" >> \${LOG_FILE}
rm -f \${JIRA_DIR}/.jira-home.lock
service tomcat5 start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat started" >> \${LOG_FILE}
fi

####
## Done
####
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backup done!" >> \${LOG_FILE}
__END__
chmod 750 /var/local/atlassian-bkp/atlassian_bkp.sh
#---

NOTE: DO edit the resulting file: /var/local/atlassian-bkp/atlassian_bkp.sh to put the correct passwords for the database users.

It will store all backups at /var/local/atlassian-bkp/ and a typical backup will have a file list as follows:

-rwxr-xr-x. 1 root root 3112 2010-03-17 19:32 atlassian_bkp.sh
-rw-r--r--. 1 root root 796 2010-03-17 19:32 bkp-20100317-223145.log
-r--------. 1 root root 181902319 2010-03-17 19:32 confluence-20100317-223145.tgz
-r--------. 1 root root 8572 2010-03-17 19:31 confluencedb-20100317-223145.gz
-r--------. 1 root root 79531583 2010-03-17 19:31 jira-20100317-223145.tgz
-r--------. 1 root root 15302 2010-03-17 19:31 jiradb-20100317-223145.gz

Test the script:
#---
sh -x /var/local/atlassian-bkp/atlassian_bkp.sh
#---

Put the script in the crontab (daily):
#---
ln /var/local/atlassian-bkp/atlassian_bkp.sh /etc/cron.daily/atlassian
#---

Notice that it is a HARD link to the cron.daily, so that when you edit the original file it also reflects a change at the crontab.

BUT to remove the file completely you MUST remove from BOTH locations:
#---
rm -f /var/local/atlassian-bkp/atlassian_bkp.sh
rm -f /etc/cron.daily/atlassian
#---

Checkout if the starting time is okay for you (the standard is 03:00):
#---
cat /etc/anacrontab
#---

Related posts:
Installation and configuration: http://gka-linux.blogspot.com/2010/03/jira-and-confluence.html

SSH in a more secure way

SSH is a wonderful tool, I cann't praise it enough. But as all powerful tools it requires special attention to its use. In this post I want to put good recommendations into action. The guidelines are:

1. No "root" direct access;
2. Only ONE user should have remote access to the system AND "su" rights;
3. All users with full featured shells, except for the one with "su" rights, should NOT have remote access granted (you can always become any user with the access user);
4. All other users that MUST have remote access MUST have restricted shells, like "rbash".

A. The SSH server configuration at: /etc/ssh/sshd_config

(below are the excerpt from the file whose change are recommended)

# This is the default, but it is important to keep it explicit
Port 22
# If you have several interfaces it may be good to force the access to be from a specific network interface/address or mask, this is your server IP address or IP masked range.
# using 192.168.0.0 will NOT grant access to someone addressing your server outside the 192.168.X.X range.
ListenAddress 0.0.0.0
# Enforce the use of ONLY the version 2
Protocol 2
# Turns root remote access off
PermitRootLogin no
# Will log authentication failures when half the amount is tried: it does NOT block access JUST logs failures
MaxAuthTries 4
# If your clients are not behind a proxy it is wise to restrict the amount of open sessions that a single host can make to your machine
MaxSessions 4
# This can be a security issue. Suit yourself (I need it for CruiseControl)
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# I really like PAM
UsePAM yes
# This can be really annoying if you have several users trying to connect simultaneously, but it helps to prevent brute-force attacks to your server, keep it low.
MaxStartups 2

B. The PAM setup at: /etc/pam.d/sshd

(add the following line)

auth required pam_listfile.so item=user sense=allow file=/etc/sshd/sshd.allow onerr=fail

This line tells PAM to look for the file /etc/sshd/sshd.allow for the users that are ALLOWED to access your server through SSH. This file should contain only the users that REALLY need direct remote access.

#---
cat > /etc/ssh/sshd.allow << __END__
SU_user
rbash_user
__END__
chown root:root /etc/ssh/sshd.allow
chmod 400 /etc/ssh/sshd.allow
#---

C. The IPTABLES part at: /etc/sysconfig/iptables

(Add or modify the following line):

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

D. Restart the servers:

#---
service sshd restart
service iptables restart
#---

Have fun!!!

Reference:

http://www.cyberciti.biz/tips/linux-pam-configuration-that-allows-or-deny-login-via-the-sshd-server.html

[updated] Subversion and Apache with PAM

First of all, I'm not an SELinux expert, but it really annoys me from time to time. Let me start with the whole story.

I'm simply trying to install and configure an SVN server, or subversion with you will. But I definitely want neither something like plain text authentication nor an access without authentication. Therefore I was trying to configure an access tunnelled through SSH (svn+ssh). I tried every cookbook recipe that I could put my hands on. Nothing worked. Then I started trying an SVN+Apache+SSL configuration. A little further but the authentication wasn't working. Then I figured it out: SELinux was the one to blame.

Ok, now that I just whined about SELinux lets go to the problem and how to solve it.

Problem:

- Subversion server (SVN)
- Authentication through system authentication, i.e., the linux users should have access to the SVN without requiring an extra password (the local authentication solution was no good)
- Secure access to the SVN (through SSH or HTTPS)

Solution:

1. VERY, but VERY, important FIRST step:

- reduce the SELinux enforcement level. Adjust the /etc/sysconfig/selinux file to:

SELINUX=permissive # this is definitely enough

1.1. Restart your machine. This is absolutely necessary. If you don't, none of the things will work until you do it.

2. Install the required packages:

2.1. Subversion server:

#---
yum -y install \
subversion
#---

2.2. Cyrus SASL sever (to act as a proxy for the authentication):

#---
yum -y install \
cyrus-sasl \
cyrus-sasl-md5 \
cyrus-sasl-plain
#---

2.3. The Apache server an its modules:

#---
yum -y install \
httpd \
mod_auth_shadow \
mod_auth_pam \
mod_dav_svn \
mod_ssl
#---

3. Setup your SVN repository, locally (you can visit the subversion home-page and take a look on the documentation) at, for the sake of an actual example, /var/svn/ :

#---
svnadmin create /var/svn/
svn mkdir -m "Initial setup: main development tree" file:///var/svn/trunk
svn mkdir -m "Initial setup: branches" file:///var/svn/branches
svn mkdir -m "Initial setup: tagged versions" file:///var/svn/tags
#---

3.1. Edit your SVN configuration file /var/svn/conf/svnserve.conf :

[general]
anon-access = none
auth-access = write
realm = test

[sasl]
use-sasl = true
min-encryption = 0
max-encryption = 256

4. Setup the users groups, it is necessary to have access to the SVN repository:

#---
groupadd svnusers
chgrp -R svnusers /var/svn/
chmod -R ug+rw /var/svn/
usermod -a -G svnusers <user-name that suppose to have access to the SVN>
#---

OBS.: Remember, if you are the user in question you need to logout before trying to access the SVN. The change will only take effect on the NEXT login.

4.1. Setup the apache user to be able to read the /etc/shadow file:

#---
groupadd shadow-readers
usermod -a -G shadow-readers apache
chgrp shadow-readers /etc/shadow
chmod g+r /etc/shadow
#---

OBS.: This is security problem, minor, but still. Be aware of that!

5. Setup the Cyrus SASL:

5.1. The SVN part of the SASL, in the file (which you need to create) /etc/sasl2/svn.conf:

#---
cat > /etc/sasl2/svn.conf << __END__ pwcheck_method: saslauthd __END__ #---

5.2. The SASL Server to use PAM as the authentication method, in the file /etc/sysconfig/saslauthd :

MECH=PAM

6. Setup the Apache server:

6.1. Add the apache user to the svnusers group, this is necessary for the apache to be able to read the files to show you:

#---
usermod -a -G svnusers apache
#---

6.2. Change Apache default group in the file /etc/httpd/conf/httpd.conf to be the svnusers:
Group svnusers

OBS.: Note that this is an alternative solution. The convetional solution would be to set the owner of your repository to be the apache user:

#---
chown -R apache:svnusers /var/svn/
#---

6.3. I suppose you want an SSL server then edit the file /etc/httpd/conf.d/subversion.conf :

#---
cat > /etc/httpd/conf.d/subversion.conf << __END__

LoadModule dav_module modules/mod_dav.so

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule auth_pam_module modules/mod_auth_pam.so

LoadModule ssl_module modules/mod_ssl.so


<Location /repos> # <<<<<<< PAY ATTENTION TO THIS

DAV svn

# v----- PAY ATTENTION TO THIS

SVNPath /var/svn/

AuthType Basic

AuthPAM_Enabled on

AuthShadow on

AuthName "test"

Order allow,deny

Allow from all

# since you are restricting to the svnusers ...

Require group svnusers # <<<<<<< PAY ATTENTION TO THIS

# Limit write permission to list of valid users.

<LimitExcept GET PROPFIND OPTIONS REPORT>

# Require SSL connection for password protection.

SSLRequireSSL

Require user valid-username

</LimitExcept>

</Location>

__END__

#---

7. Setup the PAM part:

7.1. The PAM file for the SVN, in the file /etc/pam.d/svnserve :

#---
cat > /etc/pam.d/svnserve << __END__

#%PAM-1.0

auth required pam_sepermit.so

auth include system-auth

account required pam_nologin.so

account include system-auth

password include system-auth

__END__

#---

OBS.: This is the part that will be used when accessing the SVN through an SSH connection, like:

#---
svn list svn+ssh://<user-name that suppose to have access to the SVN>@localhost/var/svn
#---

7.2. The PAM file for Apache, in the file /etc/pam.d/httpd (the same as above):

#---
cat > /etc/pam.d/httpd << __END__ #%PAM-1.0

auth required pam_sepermit.so

auth include system-auth

account required pam_nologin.so

account include system-auth

password include system-auth

__END__

#---

OBS.: This is the part that will be used when accessing in the browser: https://localhost/repos/

8. Put the services to start at boot time:

#---
chkconfig --level 345 httpd on
chkconfig --level 345 saslauthd on
chkconfig --level 345 sshd on
#---

8.1. Start the services now to test them:

#---
service httpd start
service saslauthd start
service sshd start
#---

8.2. Check if the services are actually on and serving:

OBS.: For this part you will need the "nc", so:

#---
yum -y install \
nc
#---

For all tests the response should be:

Connection to localhost port [tcp/https] succeeded!

#---
nc -z localhost 22 || echo "SSH is not running" # ssh
nc -z localhost 80 || echo "HTTP is not running" # http
nc -z localhost 443 || echo "HTTPS is not running" # https
#---

9. Check with a real example:

9.1. SSH access:

#---
svn list svn+ssh://<user-name that suppose to have access to the SVN>@localhost/var/svn/
#---

9.1.1. If you have something to import already:

#---
svn import svn+ssh://<username that suppose to have access to the SVN>@localhost/var/svn/trunk/ -m "Import version"
#---

OBS.: Check it out if it is there by running the command before this last on.

9.2. Https access (in a browser)

https://localhost/repos/

OBS.: It will ask your user-name and password, provide it and this should let you see the repository

9.3. Eclipse url:

svn+ssh://localhost/var/svn/

10. Possible problems:

10.1. Nothing works. Did you reboot your machine, as said in step 1.1?
10.2. No other machine, besides the one where the server is, can access the repository. Check the IPTABLES (out of the scope of this post)
10.3. Permission denied. Did you logout before trying to access (see OBS in step 4)
10.4. Some other problem. Check the following log files:

/var/log/messages # for daemon startup problems
/var/log/secure # for ssh/authentication errors
/var/log/audit/audit.log # typically for SELinux errors and general permission errors
/var/log/httpd/error_log # for regular http errors
/var/log/httpd/access_log # for regular http access log
/var/log/httpd/ssl_error_log # for https errors
/var/log/httpd/ssl_access_log # for https access log

10.4.1. Increase the log verbosity:

A. SASL: add the following line to the file /etc/sasl2/svn.conf:
log_level: 7 # the maximum log level

B. PAM: add, after each line in the PAM files, /etc/pam.d/{svnserve,httpd}, the "debug" string, like in:
auth required pam_sepermit.so debug

C. HTTP: edit the file /etc/httpd/conf/httpd.conf and change the "LogLevel" line to the following:
LogLevel debug

D. Restart all services and start analysing the log files.
#---
service httpd restart
service saslauthd restart
#---

[update]
Windows Eclipse users cannot benefit from this directly, they need an extra step. The procedure is at: http://www.woodwardweb.com/java/howto_configure.html or at http://stackoverflow.com/questions/620223/svn-ssh-question-in-windows

The basic configuration is to set a new environment variable for the SVN_SSH shell:

1. Download and install TortoiseSVN (link here)
2. Set-up the SVN_SSH variable:

Start -> Control Panel -> System -> Advanced (Tab) -> Environment Variables (Button)

2.1. At "User Variables" click at New... and fill the fields:

Variable name: SVN_SSH
Variable value: C:\\Program Files\\TortoiseSVN\\bin\\TortoisePlink.exe -l <ssh username>

OBS1.: Notice that the path may change according to your installation or windows language.

OBS2.: Do NOT forget the "-l <ssh username>" part or else you will be asked about your login for each and every file you check out in eclipse.

3. Set-up Eclipse:

3.1. Add Subclipse:
Update site: http://subclipse.tigris.org/update_1.6.x

3.2. Set-up SVN modus to use SVNkit:
Window -> Preferences -> Team -> SVN
SVN Interface:

4. To remove Eclipse repository "remembering" data, remove all: <path to workspace>/.metadata/.plugins/org.tigris.subversion.subclipse.*
5. Also remove the $ECLIPSE_HOME/configuration/org.eclipse.core.runtime/.keyring (reference here)