ssh: update docs based on feedback.
marcink -
r2478:0874da14 default
@@ -1,138 +1,140 b''
1 1 .. _ssh-connection:
2 2
3 3 SSH Connection
4 4 --------------
5 5
6 6 If you wish to connect to your |repos| using SSH protocol, use the
7 7 following instructions.
8 8
9 9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
10 10
11 11 By default a file `authorized_keys_rhodecode` is created containing
12 12 configuration and all allowed user connection keys are stored inside.
13 13 On each change of stored keys inside |RCE| this file is updated with
14 14 proper data.
15 15
16 16 .. code-block:: bash
17 17
18 18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
19 19 # add or edit the AuthorizedKeysFile, and set to use custom files
20 20
21 21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
22 22
23 23 This way we use a separate file for SSH access and separate one for
24 24 SSH access to |RCE| repositories.
25 25
26 26
27 27 2. Enable the SSH module on instance.
28 28
29 29 On the server where |RCE| is running executing:
30 30
31 31 .. code-block:: bash
32 32
33 33 rccontrol enable-module ssh {instance-id}
34 34
35 35 This will add the following configuration into :file:`rhodecode.ini`.
36 36 This also can be done manually:
37 37
38 38 .. code-block:: ini
39 39
40 40 ############################################################
41 41 ### SSH Support Settings ###
42 42 ############################################################
43 43
44 44 ## Defines if a custom authorized_keys file should be created and written on
45 45 ## any change user ssh keys. Setting this to false also disables posibility
46 46 ## of adding SSH keys by users from web interface. Super admins can still
47 47 ## manage SSH Keys.
48 48 ssh.generate_authorized_keyfile = true
49 49
50 50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
51 51 # ssh.authorized_keys_ssh_opts =
52 52
53 53 ## Path to the authrozied_keys file where the generate entries are placed.
54 54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
55 55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
56 56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
57 57
58 58 ## Command to execute the SSH wrapper. The binary is available in the
59 59 ## rhodecode installation directory.
60 60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
61 61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
62 62
63 63 ## Allow shell when executing the ssh-wrapper command
64 64 ssh.wrapper_cmd_allow_shell = false
65 65
66 66 ## Enables logging, and detailed output send back to the client during SSH
67 ## operations. Usefull for debugging, shouldn't be used in production.
67 ## operations. Useful for debugging, shouldn't be used in production.
68 68 ssh.enable_debug_logging = false
69 69
70 70 ## Paths to binary executable, by default they are the names, but we can
71 71 ## override them if we want to use a custom one
72 72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
73 73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75 75
76 76
77 77 3. Set base_url for instance to enable proper event handling (Optional):
78 78
79 79 If you wish to have integrations working correctly via SSH please configure
80 80 The Application base_url.
81 81
82 82 Use the ``rccontrol status`` command to view instance details.
83 83 Hostname is required for the integration to properly set the instance URL.
84 84
85 85 When your hostname is known (e.g https://code.rhodecode.com) please set it
86 86 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
87 87
88 88 add into `[app:main]` section the following configuration:
89 89
90 90 .. code-block:: ini
91 91
92 92 app.base_url = https://code.rhodecode.com
93 93
94 94
95 95 4. Add the public key to your user account for testing.
96 96 First generate a new key, or use your existing one and have your public key
97 97 at hand.
98 98
99 99 Go to
100 100 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
101 101
102 102 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
103 103
104 104 Test the connection from your local machine using the following example:
105 105
106 106 .. note::
107 107
108 108 In case of connection problems please set
109 109 `ssh.enable_debug_logging = true` inside the SSH configuration of
110 110 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
111 111 Then add, remove your SSH key and try connecting again.
112 112 Debug logging will be printed to help find the problems on the server side.
113 113
114 Test connection using the ssh command from the local machine
114 Test connection using the ssh command from the local machine. Make sure
115 to use the use who is running the |RCE| server, and not your username from
116 the web interface.
115 117
116 118
117 119 For SVN:
118 120
119 121 .. code-block:: bash
120 122
121 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh" svn checkout svn+ssh://rhodecode@rc-server/repo_name
123 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
122 124
123 125 For GIT:
124 126
125 127 .. code-block:: bash
126 128
127 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh' git clone ssh://rhodecode@rc-server/repo_name
129 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
128 130
129 131 For Mercurial:
130 132
131 133 .. code-block:: bash
132 134
133 135 Add to hgrc:
134 136
135 137 [ui]
136 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh
138 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
137 139
138 140 hg clone ssh://rhodecode@rc-server/repo_name
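Review bot: the sentence added at new lines 114-116 reads "to use the use who is running the |RCE| server", which should be "the user". Since this is the instruction readers fall back on when the test connection fails, I would spell it out, for example "Make sure to connect as the system user that runs the |RCE| server (rhodecode in the examples below), not your username from the web interface." While the ini comment block is being touched for "Usefull", the same block still has "posibility" (line 45) and "authrozied_keys" (line 53). The example path in the comment on line 60 (~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper) also does not match the value set on line 61 (~/.rccontrol/community-1/rc-ssh-wrapper), so it is worth confirming which one is correct.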
@@ -1,49 +1,51 b''
1 1 <div class="panel panel-default">
2 2 <div class="panel-heading">
3 3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
4 4 </div>
5 5 <div class="panel-body">
6 6 <p>
7 7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
8 8 </p>
9 9 <h4>${_('Private key')}</h4>
10 10 <pre>
11 11 # Save the content as
12 ~/.ssh/id_rsa_rhodecode_access_priv.key
13 # Change permissions
14 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_priv.key
12 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
15
16 # Change permissions to 0600 to make it secure, and usable.
17 e.g chmod 0600 /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
15 18 </pre>
16 19
17 20 <div>
18 21 <textarea style="height: 300px">${c.private}</textarea>
19 22 </div>
20 23 <br/>
21 24
22
23 25 <h4>${_('Public key')}</h4>
24 26 <pre>
25 27 # Save the content as
26 ~/.ssh/id_rsa_rhodecode_access_pub.key
27 # Change permissions
28 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_pub.key
28 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_pub.key
29 31 </pre>
30 32
31 33 <input type="text" value="${c.public}" class="large text" size="100"/>
32 34 <p>
33 35 % if hasattr(c, 'target_form_url'):
34 36 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
35 37 % else:
36 38 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
37 39 % endif
38 40 ${_('Confirmation required on the next screen')}.
39 41 </p>
40 42 </div>
41 43 </div>
42 44
43 45 <script>
44 46
45 47 $(document).ready(function(){
46 48
47 49
48 50 });
49 51 </script>
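Review bot: the new path lines in both pre blocks contain literal <username> and <yourname>, which the browser will parse as unknown tags and drop, so the rendered paths come out as /Users//.ssh/id_rsa_rhodecode_access_priv.key. Escape them as &lt;username&gt; and use one placeholder name for all three platforms. The permissions line now starts with "e.g", so it can no longer be copied as a command, and it follows a Windows path where chmod does not apply; I would put the chmod 0600 command on its own line and say it is for macOS and Linux. Dropping chmod 0600 for the public key is fine.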