.. _ssh-connection:

SSH Connection
--------------

If you wish to connect to your |repos| using the SSH protocol, use the
following instructions.

1. Include the |RCE| generated `authorized_keys` file in your sshd_config.

   By default a file named `authorized_keys_rhodecode` is created. It contains
   the configuration and all allowed user connection keys. Each time the keys
   stored inside |RCE| change, this file is updated with the current data.

   .. code-block:: bash

        # Edit the sshd_config file, most likely at /etc/ssh/sshd_config
        # add or edit the AuthorizedKeysFile, and set it to use custom files
        AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode

   This way we use one file for regular SSH access and a separate one for
   SSH access to |RCE| repositories.

2. Enable the SSH module on the instance.

   On the server where |RCE| is running, execute:

   .. code-block:: bash

        rccontrol enable-module ssh {instance-id}

   This will add the following configuration to :file:`rhodecode.ini`.
   This can also be done manually:

   .. code-block:: ini

        ############################################################
        ### SSH Support Settings                                 ###
        ############################################################

        ## Defines if a custom authorized_keys file should be created and written on
        ## any change of user SSH keys. Setting this to false also disables the
        ## possibility of adding SSH keys by users from the web interface.
        ## Super admins can still manage SSH keys.
        ssh.generate_authorized_keyfile = true

        ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
        # ssh.authorized_keys_ssh_opts =

        ## Path to the authorized_keys file where the generated entries are placed.
        ## It is possible to have multiple key files specified in `sshd_config` e.g.
        ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
        ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode

        ## Command to execute the SSH wrapper. The binary is available in the
        ## rhodecode installation directory.
        ## e.g. ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
        ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper

        ## Allow shell when executing the ssh-wrapper command
        ssh.wrapper_cmd_allow_shell = false

        ## Enables logging, and detailed output sent back to the client during SSH
        ## operations. Useful for debugging, shouldn't be used in production.
        ssh.enable_debug_logging = false

        ## Paths to binary executables. By default they are just the names, but we
        ## can override them if we want to use a custom one
        ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
        ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
        ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve

        ## Enables SSH key generator web interface. Disabling this still allows users
        ## to add their own keys.
        ssh.enable_ui_key_generator = true

3. Set base_url for the instance to enable proper event handling (Optional):

   If you wish to have integrations working correctly via SSH, please configure
   the application base_url.

   Use the ``rccontrol status`` command to view instance details.
   The hostname is required for the integration to properly set the instance URL.

   When your hostname is known (e.g. https://code.rhodecode.com), please set it
   inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`

   Add the following configuration to the `[app:main]` section:

   .. code-block:: ini

        app.base_url = https://code.rhodecode.com

4. Add the public key to your user account for testing.

   First generate a new key, or use your existing one, and have your public key
   at hand.

   Go to :menuselection:`My Account --> SSH Keys` and add the public key with
   a proper description.

   This will generate a new entry inside our configured
   `authorized_keys_rhodecode` file.

   Test the connection from your local machine using the following example:

   .. note::

      In case of connection problems, please set
      `ssh.enable_debug_logging = true` inside the SSH configuration of
      :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
      Then add and remove your SSH key, and try connecting again.
      Debug logging will be printed to help find the problems on the server side.
      Set the option back to `false` afterwards; it is not meant for production use.

   Test the connection using the ssh command from the local machine. Make sure
   to use the user who is running the |RCE| server, and not your username from
   the web interface.

   For SVN:

   .. code-block:: bash

        SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name

   For GIT:

   .. code-block:: bash

        GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name

   For Mercurial, add to hgrc:

   .. code-block:: ini

        [ui]
        ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key

   Then clone the repository:

   .. code-block:: bash

        hg clone ssh://rhodecode@rc-server/repo_name
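
An added example, not part of the RhodeCode documentation or code: a Python audit of the `authorized_keys_rhodecode` file from steps 1, 2 and 4 that flags entries lacking a forced command that runs the wrapper, or any of the default restrictions listed for `ssh.authorized_keys_ssh_opts`. The entry layout (standard OpenSSH options such as `command="..."` placed before the key), the sample lines and all function names are assumptions; the page does not show a generated entry.

```python
import re

# Default restrictions the page lists for ssh.authorized_keys_ssh_opts.
REQUIRED = ("no-pty", "no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding")
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")  # how the key-type field starts
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|\s+|$)')

def split_options(line):
    """Split an authorized_keys line into ({option: value}, remainder)."""
    opts, pos = {}, 0
    while not KEY_TYPE.match(line, pos):
        m = OPTION.match(line, pos)
        if not m:
            return opts, ""  # options never reached a key: malformed
        opts[m.group(1).lower()] = m.group(2) or ""  # option names are case-insensitive
        pos = m.end()
    return opts, line[pos:]

def audit(text, wrapper="rc-ssh-wrapper"):
    """Return [(line_no, problem)] for entries that are not locked down."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        if not rest:
            findings.append((no, "malformed entry"))
            continue
        if wrapper not in opts.get("command", ""):
            findings.append((no, "no forced command running the wrapper"))
        # OpenSSH's "restrict" option implies all of the individual no-* options.
        missing = [] if "restrict" in opts else sorted(r for r in REQUIRED if r.lower() not in opts)
        if missing:
            findings.append((no, "missing " + ",".join(missing)))
    return findings

# Constructed sample; the key material and comments are placeholders.
FORCED = 'command="/home/rhodecode/.rccontrol/community-1/rc-ssh-wrapper"'
SAMPLE = "\n".join([
    FORCED + ",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAEXAMPLE alice",
    FORCED + ",no-pty ssh-ed25519 AAAAEXAMPLE bob",
    "ssh-ed25519 AAAAEXAMPLE pasted-by-hand",
])

if __name__ == "__main__":
    for no, problem in audit(SAMPLE):
        print(f"line {no}: {problem}")
```

Run it against the real file by passing its contents to `audit()`; an entry with no options at all, such as a key pasted in by hand, is reported for both the missing forced command and the missing restrictions.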