.. _ssh-connection:

SSH Connection
--------------

If you wish to connect to your |repos| using the SSH protocol, use the
following instructions.

1. Include the |RCE| generated `authorized_keys` file in your sshd_config.

   By default, a file named `authorized_keys_rhodecode` is created. It contains
   the configuration and all allowed user connection keys.
   On each change of the keys stored inside |RCE|, this file is updated with
   the proper data.

   .. code-block:: bash

      # Edit sshd_config file most likely at /etc/ssh/sshd_config
      # add or edit the AuthorizedKeysFile, and set to use custom files

      AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode

   This way, one file is used for regular SSH access and a separate one for
   SSH access to |RCE| repositories.

2. Enable the SSH module on the instance.

   On the server where |RCE| is running, execute:

   .. code-block:: bash

      rccontrol enable-module ssh {instance-id}

   This will add the following configuration into :file:`rhodecode.ini`.
   This can also be done manually:

   .. code-block:: ini

      ############################################################
      ### SSH Support Settings                                 ###
      ############################################################

      ## Defines if a custom authorized_keys file should be created and written on
      ## any change of user SSH keys. Setting this to false also disables the possibility
      ## of adding SSH keys by users from the web interface. Super admins can still
      ## manage SSH keys.
      ssh.generate_authorized_keyfile = true

      ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
      # ssh.authorized_keys_ssh_opts =

      ## Path to the authorized_keys file where the generated entries are placed.
      ## It is possible to have multiple key files specified in `sshd_config` e.g.
      ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
      ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode

      ## Command to execute the SSH wrapper. The binary is available in the
      ## rhodecode installation directory.
      ## e.g. ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
      ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper

      ## Allow shell when executing the ssh-wrapper command
      ssh.wrapper_cmd_allow_shell = false

      ## Enables logging, and detailed output sent back to the client during SSH
      ## operations. Useful for debugging, shouldn't be used in production.
      ssh.enable_debug_logging = false

      ## Paths to binary executables, by default they are the names, but we can
      ## override them if we want to use a custom one
      ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
      ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
      ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve

      ## Enables SSH key generator web interface. Disabling this still allows users
      ## to add their own keys.
      ssh.enable_ui_key_generator = true

3. Set base_url for the instance to enable proper event handling (optional):

   If you wish to have integrations working correctly via SSH, please configure
   the application base_url.

   Use the ``rccontrol status`` command to view instance details.
   The hostname is required for the integration to properly set the instance URL.

   When your hostname is known (e.g. https://code.rhodecode.com), set it
   inside :file:`config/_shared/rhodecode.ini` by adding the following
   configuration to the `[app:main]` section:

   .. code-block:: ini

      app.base_url = https://code.rhodecode.com

4. Add the public key to your user account for testing.

   First generate a new key, or use your existing one, and have your public key
   at hand.

   Go to
   :menuselection:`My Account --> SSH Keys` and add the public key with a proper description.

   This will generate a new entry inside our configured `authorized_keys_rhodecode` file.

   Test the connection from your local machine using the following example:

   .. note::

      In case of connection problems please set
      `ssh.enable_debug_logging = true` inside the SSH configuration of
      :file:`config/_shared/rhodecode.ini`
      Then add, remove your SSH key and try connecting again.
      Debug logging will be printed to help find the problems on the server side.

   Test the connection using the ssh command from the local machine. Make sure
   to use the user who is running the |RCE| server, and not your username from
   the web interface.

   For SVN:

   .. code-block:: bash

      SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name

   For GIT:

   .. code-block:: bash

      GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name

   For Mercurial, add to hgrc:

   .. code-block:: ini

      [ui]
      ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key

   Then clone the repository:

   .. code-block:: bash

      hg clone ssh://rhodecode@rc-server/repo_name
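
Because every key in `authorized_keys_rhodecode` logs in as the system user running |RCE|, it is worth checking that each generated entry still carries the default restrictions from ``ssh.authorized_keys_ssh_opts``. The script below is an added example, not part of |RCE|; it assumes each entry also forces the wrapper through a ``command="..."`` option, and the sample entries and key material are constructed.

```python
import re

# Default restrictions named in the ssh.authorized_keys_ssh_opts comment (lowercased).
REQUIRED_OPTS = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: name, optional ="quoted value" (may hold commas/spaces), then "," or blank.
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')

# Constructed sample; the entry layout and key material are assumptions.
SAMPLE = """\
# authorized_keys_rhodecode (constructed)
command="~/.rccontrol/community-1/rc-ssh-wrapper",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3PLACEHOLDER alice
no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER bob
ssh-ed25519 AAAAC3PLACEHOLDER carol
"""

def parse_options(line):
    """Return the options of one authorized_keys entry as {name: value-or-None}."""
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):  # options end where the key type starts
        m = OPTION_RE.match(line, pos)
        if m is None:
            raise ValueError("unparseable entry")
        opts[m.group(1).lower()] = m.group(2)  # option keywords are case-insensitive
        pos = m.end()
    return opts

def audit(text, wrapper="rc-ssh-wrapper"):
    """Return [(line_no, problem), ...] for every entry that is not locked down."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts = parse_options(line)
        except ValueError as exc:
            findings.append((line_no, str(exc)))
            continue
        missing = REQUIRED_OPTS - set(opts)
        if missing:
            findings.append((line_no, "missing " + ",".join(sorted(missing))))
        if wrapper not in (opts.get("command") or ""):
            findings.append((line_no, "no forced command running " + wrapper))
    return findings

if __name__ == "__main__":
    for line_no, problem in audit(SAMPLE):
        print(f"line {line_no}: {problem}")
```

To check a real file, pass its contents to ``audit()``; an empty result means every entry has the four restrictions and a forced wrapper command.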