rhodecode-enterprise-ce Files · docs/auth/ssh-connection.rst

requirements: updated structure of requirement files, and re-generated nix files.

marcink - - Load All Authors

File last commit:

r1:854a839a default


                r1236:7331abed

default

Download file

             ssh-connection.rst
        
                    129 lines
            
             | 3.8 KiB
            
                | text/x-rst
            
             |
                RstLexer
            
             / docs / auth / ssh-connection.rst
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        marcink
    
project: added all source files and assets

              r1
            
      .. _ssh-connection:

      SSH Connection

      --------------

      If you wish to connect to your Git or Mercurial |repos| using SSH, use the

      following instructions.

      .. note::

         SSH access with full |RCE| permissions will require an Admin |authtoken|.

         You need to install the |RC| SSH tool on the server which is running

         the |RCE| instance.

      1. Gather the following information about the instance you wish to connect to:

         * *Hostname*: Use the ``rccontrol status`` command to view instance details.

         * *API key*: From the |RCE|, go to

           :menuselection:`username --> My Account --> Auth Tokens`

         * *Configuration file*: Identify the configuration file for that instance,

           the default is :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`

         * Identify which |git| and |hg| packages your |RCM| instance is using.

             * For |git|, see

               :menuselection:`Admin --> Settings --> System Info`

             * For |hg|, use the ``which hg`` command.

      2. Clone the |RC| SSH script,

         ``hg clone https://code.rhodecode.com/rhodecode-ssh``

      3. Copy the ``sshwrapper.sample.ini``, and save it as ``sshwrapper.ini``

      4. Configure the :file:`sshwrapper.ini` file using the following example:

      .. code-block:: ini

          [api]

          host=http://localhost:10005

          key=24a67076d69c84670132f55166ac79d1faafd660

          [shell]

          shell=/bin/bash -l

          [vcs]

          root=/path/to/repos/

          [rhodecode]

          config=/home/user/.rccontrol/enterprise-3/rhodecode.ini

          [vcs:hg]

          path=/usr/bin/hg

          # should be a base dir for all git binaries, i.e. not ../bin/git

          [vcs:git]

          path=/usr/bin

          [keys]

          path=/home/user/.ssh/authorized_keys

      5. Add the public key to your |RCE| instance server using the

         :file:`addkey.py` script. This script automatically creates

         the :file:`authorized_keys` file which was specified in your

         :file:`sshwrapper.ini` configuration. Use the following example:

      .. code-block:: bash

         $ ./addkey.py --user username --shell --key /home/username/.ssh/id_rsa.pub

      .. important::

         To give SSH access to all users, you will need to maintain

         each users |authtoken| in the :file:`authorized_keys` file.

      6. Connect to your server using SSH from your local machine.

      .. code-block:: bash

          $ ssh user@localhost

          Enter passphrase for key '/home/username/.ssh/id_rsa':

      If you need to manually configure the ``authorized_keys`` file,

      add a line for each key using the following example:

      .. code-block:: vim

         command="/home/user/.rhodecode-ssh/sshwrapper.py --user username --shell",

         no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa yourpublickey

      .. tip::

         Best practice would be to create a special SSH user account with each

         users |authtoken| attached.

         |RCE| will manage the user permissions based on the |authtoken| supplied.

         This would allow you to immediately revoke all SSH access by removing one

         user from your server if you needed to.

      See the following command line example of setting this up. These steps

      take place on the server.

      .. code-block:: bash

          # On the RhodeCode Enterprise server

          # set up user and clone SSH tool

          $ sudo adduser testuser

          $ sudo su - testuser

          $ hg clone https://code.rhodecode.com/rhodecode-ssh

          $ cd rhodecode-ssh

          # Copy and modify the sshwrapper.ini as explained in step 4

          $ cp sshwrapper.sample.ini sshwrapper.ini

          $ cd ~

          $ mkdir .ssh

          $ touch .ssh/authorized_keys

          # copy your ssh public key, id_rsa.pub, from your local machine

          # to the server. We’ll use it in the next step

          $ python addkey.py --user testuser --shell --key /path/to/id_rsa.pub

          # Note: testssh - user on the rhodecode instance

          $ chmod 755 sshwrapper.py

      Test the connection from your local machine using the following example:

      .. code-block:: bash

          # Test connection using the ssh command from the local machine

          $ ssh testuser@my-server.example.com

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

marcink project: added all source files and assets	r1	.. _ssh-connection:

		SSH Connection
		--------------

		If you wish to connect to your Git or Mercurial \|repos\| using SSH, use the
		following instructions.

		.. note::

		SSH access with full \|RCE\| permissions will require an Admin \|authtoken\|.

		You need to install the \|RC\| SSH tool on the server which is running
		the \|RCE\| instance.

		1. Gather the following information about the instance you wish to connect to:

		* Hostname: Use the ``rccontrol status`` command to view instance details.
		* API key: From the \|RCE\|, go to
		:menuselection:`username --> My Account --> Auth Tokens`
		* Configuration file: Identify the configuration file for that instance,
		the default is :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
		* Identify which \|git\| and \|hg\| packages your \|RCM\| instance is using.

		* For \|git\|, see
		:menuselection:`Admin --> Settings --> System Info`
		* For \|hg\|, use the ``which hg`` command.

		2. Clone the \|RC\| SSH script,
		``hg clone https://code.rhodecode.com/rhodecode-ssh``
		3. Copy the ``sshwrapper.sample.ini``, and save it as ``sshwrapper.ini``
		4. Configure the :file:`sshwrapper.ini` file using the following example:

		.. code-block:: ini

		[api]
		host=http://localhost:10005
		key=24a67076d69c84670132f55166ac79d1faafd660

		[shell]
		shell=/bin/bash -l

		[vcs]
		root=/path/to/repos/

		[rhodecode]
		config=/home/user/.rccontrol/enterprise-3/rhodecode.ini

		[vcs:hg]
		path=/usr/bin/hg

		# should be a base dir for all git binaries, i.e. not ../bin/git
		[vcs:git]
		path=/usr/bin

		[keys]
		path=/home/user/.ssh/authorized_keys

		5. Add the public key to your \|RCE\| instance server using the
		:file:`addkey.py` script. This script automatically creates
		the :file:`authorized_keys` file which was specified in your
		:file:`sshwrapper.ini` configuration. Use the following example:

		.. code-block:: bash

		$ ./addkey.py --user username --shell --key /home/username/.ssh/id_rsa.pub

		.. important::

		To give SSH access to all users, you will need to maintain
		each users \|authtoken\| in the :file:`authorized_keys` file.

		6. Connect to your server using SSH from your local machine.

		.. code-block:: bash

		$ ssh user@localhost
		Enter passphrase for key '/home/username/.ssh/id_rsa':

		If you need to manually configure the ``authorized_keys`` file,
		add a line for each key using the following example:

		.. code-block:: vim

		command="/home/user/.rhodecode-ssh/sshwrapper.py --user username --shell",
		no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa yourpublickey

		.. tip::

		Best practice would be to create a special SSH user account with each
		users \|authtoken\| attached.

		\|RCE\| will manage the user permissions based on the \|authtoken\| supplied.
		This would allow you to immediately revoke all SSH access by removing one
		user from your server if you needed to.

		See the following command line example of setting this up. These steps
		take place on the server.

		.. code-block:: bash

		# On the RhodeCode Enterprise server
		# set up user and clone SSH tool
		$ sudo adduser testuser
		$ sudo su - testuser
		$ hg clone https://code.rhodecode.com/rhodecode-ssh
		$ cd rhodecode-ssh

		# Copy and modify the sshwrapper.ini as explained in step 4
		$ cp sshwrapper.sample.ini sshwrapper.ini

		$ cd ~
		$ mkdir .ssh
		$ touch .ssh/authorized_keys

		# copy your ssh public key, id_rsa.pub, from your local machine
		# to the server. We’ll use it in the next step

		$ python addkey.py --user testuser --shell --key /path/to/id_rsa.pub

		# Note: testssh - user on the rhodecode instance
		$ chmod 755 sshwrapper.py

		Test the connection from your local machine using the following example:

		.. code-block:: bash

		# Test connection using the ssh command from the local machine
		$ ssh testuser@my-server.example.com