env-variables: make it safer if there's a syntax problem inside .ini file. It's better to not crash, since it means server won't start. Let users fix problems instead of breaking the startup because of that.

File last commit:

r2478:0874da14 default
r3237:5cf82ecc default
ssh-connection.rst

.. _ssh-connection:

SSH Connection
--------------

If you wish to connect to your |repos| using SSH protocol, use the
following instructions.

1. Include the |RCE|-generated `authorized_keys` file in your sshd_config.

   By default a file `authorized_keys_rhodecode` is created containing
   configuration and all allowed user connection keys are stored inside.
   On each change of stored keys inside |RCE| this file is updated with
   proper data.

   .. code-block:: bash

       # Edit sshd_config file most likely at /etc/ssh/sshd_config
       # add or edit the AuthorizedKeysFile, and set to use custom files

       AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode

   This way one file is used for regular SSH access and a separate one for
   SSH access to |RCE| repositories.

2. Enable the SSH module on instance.

   On the server where |RCE| is running, execute:

   .. code-block:: bash

       rccontrol enable-module ssh {instance-id}

   This will add the following configuration into :file:`rhodecode.ini`.
   This can also be done manually:

   .. code-block:: ini

       ############################################################
       ### SSH Support Settings ###
       ############################################################

       ## Defines if a custom authorized_keys file should be created and written on
       ## any change of user SSH keys. Setting this to false also disables the possibility
       ## of adding SSH keys by users from web interface. Super admins can still
       ## manage SSH Keys.
       ssh.generate_authorized_keyfile = true

       ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
       # ssh.authorized_keys_ssh_opts =

       ## Path to the authorized_keys file where the generated entries are placed.
       ## It is possible to have multiple key files specified in `sshd_config` e.g.
       ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
       ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode

       ## Command to execute the SSH wrapper. The binary is available in the
       ## rhodecode installation directory.
       ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
       ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper

       ## Allow shell when executing the ssh-wrapper command
       ssh.wrapper_cmd_allow_shell = false

       ## Enables logging, and detailed output sent back to the client during SSH
       ## operations. Useful for debugging, shouldn't be used in production.
       ssh.enable_debug_logging = false

       ## Paths to binary executable, by default they are the names, but we can
       ## override them if we want to use a custom one
       ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
       ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
       ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve

3. Set base_url for instance to enable proper event handling (Optional):

   If you wish to have integrations working correctly via SSH, please configure
   the application base_url.

   Use the ``rccontrol status`` command to view instance details.
   Hostname is required for the integration to properly set the instance URL.

   When your hostname is known (e.g. https://code.rhodecode.com), please set it
   inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`

   Add the following configuration into the `[app:main]` section:

   .. code-block:: ini

       app.base_url = https://code.rhodecode.com

4. Add the public key to your user account for testing.

   First generate a new key, or use your existing one and have your public key
   at hand.

   Go to
   :menuselection:`My Account --> SSH Keys` and add the public key with proper description.

   This will generate a new entry inside our configured `authorized_keys_rhodecode` file.

   Test the connection from your local machine using the following example:

   .. note::

       In case of connection problems please set
       `ssh.enable_debug_logging = true` inside the SSH configuration of
       :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
       Then add, remove your SSH key and try connecting again.
       Debug logging will be printed to help find the problems on the server side.

   Test connection using the ssh command from the local machine. Make sure
   to use the user who is running the |RCE| server, and not your username from
   the web interface.

   For SVN:

   .. code-block:: bash

       SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name

   For GIT:

   .. code-block:: bash

       GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name

   For Mercurial:

   .. code-block:: bash

       # Add to hgrc:
       #
       # [ui]
       # ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key

       hg clone ssh://rhodecode@rc-server/repo_name

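
Because sshd trusts every line of the extra ``AuthorizedKeysFile``, it is worth checking that each generated entry still carries the restrictions listed for ``ssh.authorized_keys_ssh_opts`` and is pinned to the wrapper from ``ssh.wrapper_cmd``. The audit below is an added example, not part of the RhodeCode documentation or code base. It assumes entries use a forced ``command="..."`` option pointing at the wrapper; the ``WRAPPER`` path, the ``--placeholder`` argument and the sample lines are constructed.

```python
import re

# Page's default ssh.authorized_keys_ssh_opts, lower-cased (OpenSSH ignores case here).
REQUIRED = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
# Assumption: absolute form of the page's ssh.wrapper_cmd value.
WRAPPER = "/home/rhodecode/.rccontrol/community-1/rc-ssh-wrapper"
# One option: name, optional quoted value (\" escapes a quote), then "," or whitespace.
OPTION = re.compile(r'([\w-]+)(?:="((?:\\"|[^"])*)")?(,|\s+|$)')


def parse_options(line):
    """Return the options field of one authorized_keys line as a dict."""
    opts = {}
    if re.match(r"(ssh-|ecdsa-sha2-|sk-)", line):
        return opts  # line starts with the key type: no options at all
    m = OPTION.match(line)
    while m:
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        m = OPTION.match(line, m.end()) if m.group(3) == "," else None
    return opts


def audit(text, wrapper=WRAPPER):
    """Return (line_no, problem) pairs for entries that are not locked down."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts = parse_options(line.strip())
        # "restrict" enables every restriction; a bare "pty" etc. lifts one again.
        missing = sorted(o for o in REQUIRED
                         if o not in opts and ("restrict" not in opts or o[3:] in opts))
        if missing:
            findings.append((no, "missing " + ",".join(missing)))
        if opts.get("command", "").split()[:1] != [wrapper]:
            findings.append((no, "forced command is not the wrapper"))
    return findings


# Constructed sample: key material and the wrapper argument are placeholders.
SAMPLE = "\n".join([
    'command="%s --placeholder",no-pty,no-port-forwarding,no-X11-forwarding,'
    "no-agent-forwarding ssh-ed25519 AAAA-constructed alice" % WRAPPER,
    r'no-pty,command="/bin/sh -c \"echo a, b\"" ssh-rsa AAAA-constructed bob',
    "ssh-ed25519 AAAA-constructed carol",
])

if __name__ == "__main__":
    for no, problem in audit(SAMPLE):
        print("line %d: %s" % (no, problem))
```

Run it against the file named in ``ssh.authorized_keys_file_path`` after key changes; any finding means an entry would give its key more than repository access through the wrapper.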