ssh: update docs based on feedback.
marcink -
r2478:0874da14 default
@@ -1,138 +1,140 b''
1 .. _ssh-connection:
1 .. _ssh-connection:
2
2
3 SSH Connection
3 SSH Connection
4 --------------
4 --------------
5
5
6 If you wish to connect to your |repos| using SSH protocol, use the
6 If you wish to connect to your |repos| using SSH protocol, use the
7 following instructions.
7 following instructions.
8
8
9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
10
10
11 By default a file `authorized_keys_rhodecode` is created containing
11 By default a file `authorized_keys_rhodecode` is created containing
12 configuration and all allowed user connection keys are stored inside.
12 configuration and all allowed user connection keys are stored inside.
13 On each change of stored keys inside |RCE| this file is updated with
13 On each change of stored keys inside |RCE| this file is updated with
14 proper data.
14 proper data.
15
15
16 .. code-block:: bash
16 .. code-block:: bash
17
17
18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
19 # add or edit the AuthorizedKeysFile, and set to use custom files
19 # add or edit the AuthorizedKeysFile, and set to use custom files
20
20
21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
22
22
23 This way we use a separate file for SSH access and separate one for
23 This way we use a separate file for SSH access and separate one for
24 SSH access to |RCE| repositories.
24 SSH access to |RCE| repositories.
25
25
26
26
27 2. Enable the SSH module on instance.
27 2. Enable the SSH module on instance.
28
28
29 On the server where |RCE| is running executing:
29 On the server where |RCE| is running executing:
30
30
31 .. code-block:: bash
31 .. code-block:: bash
32
32
33 rccontrol enable-module ssh {instance-id}
33 rccontrol enable-module ssh {instance-id}
34
34
35 This will add the following configuration into :file:`rhodecode.ini`.
35 This will add the following configuration into :file:`rhodecode.ini`.
36 This also can be done manually:
36 This also can be done manually:
37
37
38 .. code-block:: ini
38 .. code-block:: ini
39
39
40 ############################################################
40 ############################################################
41 ### SSH Support Settings ###
41 ### SSH Support Settings ###
42 ############################################################
42 ############################################################
43
43
44 ## Defines if a custom authorized_keys file should be created and written on
44 ## Defines if a custom authorized_keys file should be created and written on
45 ## any change user ssh keys. Setting this to false also disables posibility
45 ## any change user ssh keys. Setting this to false also disables posibility
46 ## of adding SSH keys by users from web interface. Super admins can still
46 ## of adding SSH keys by users from web interface. Super admins can still
47 ## manage SSH Keys.
47 ## manage SSH Keys.
48 ssh.generate_authorized_keyfile = true
48 ssh.generate_authorized_keyfile = true
49
49
50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
51 # ssh.authorized_keys_ssh_opts =
51 # ssh.authorized_keys_ssh_opts =
52
52
53 ## Path to the authrozied_keys file where the generate entries are placed.
53 ## Path to the authrozied_keys file where the generate entries are placed.
54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
57
57
58 ## Command to execute the SSH wrapper. The binary is available in the
58 ## Command to execute the SSH wrapper. The binary is available in the
59 ## rhodecode installation directory.
59 ## rhodecode installation directory.
60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
62
62
63 ## Allow shell when executing the ssh-wrapper command
63 ## Allow shell when executing the ssh-wrapper command
64 ssh.wrapper_cmd_allow_shell = false
64 ssh.wrapper_cmd_allow_shell = false
65
65
66 ## Enables logging, and detailed output send back to the client during SSH
66 ## Enables logging, and detailed output send back to the client during SSH
67 ## operations. Usefull for debugging, shouldn't be used in production.
67 ## operations. Useful for debugging, shouldn't be used in production.
68 ssh.enable_debug_logging = false
68 ssh.enable_debug_logging = false
69
69
70 ## Paths to binary executable, by default they are the names, but we can
70 ## Paths to binary executable, by default they are the names, but we can
71 ## override them if we want to use a custom one
71 ## override them if we want to use a custom one
72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75
75
76
76
77 3. Set base_url for instance to enable proper event handling (Optional):
77 3. Set base_url for instance to enable proper event handling (Optional):
78
78
79 If you wish to have integrations working correctly via SSH please configure
79 If you wish to have integrations working correctly via SSH please configure
80 The Application base_url.
80 The Application base_url.
81
81
82 Use the ``rccontrol status`` command to view instance details.
82 Use the ``rccontrol status`` command to view instance details.
83 Hostname is required for the integration to properly set the instance URL.
83 Hostname is required for the integration to properly set the instance URL.
84
84
85 When your hostname is known (e.g https://code.rhodecode.com) please set it
85 When your hostname is known (e.g https://code.rhodecode.com) please set it
86 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
86 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
87
87
88 add into `[app:main]` section the following configuration:
88 add into `[app:main]` section the following configuration:
89
89
90 .. code-block:: ini
90 .. code-block:: ini
91
91
92 app.base_url = https://code.rhodecode.com
92 app.base_url = https://code.rhodecode.com
93
93
94
94
95 4. Add the public key to your user account for testing.
95 4. Add the public key to your user account for testing.
96 First generate a new key, or use your existing one and have your public key
96 First generate a new key, or use your existing one and have your public key
97 at hand.
97 at hand.
98
98
99 Go to
99 Go to
100 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
100 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
101
101
102 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
102 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
103
103
104 Test the connection from your local machine using the following example:
104 Test the connection from your local machine using the following example:
105
105
106 .. note::
106 .. note::
107
107
108 In case of connection problems please set
108 In case of connection problems please set
109 `ssh.enable_debug_logging = true` inside the SSH configuration of
109 `ssh.enable_debug_logging = true` inside the SSH configuration of
110 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
110 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
111 Then add, remove your SSH key and try connecting again.
111 Then add, remove your SSH key and try connecting again.
112 Debug logging will be printed to help find the problems on the server side.
112 Debug logging will be printed to help find the problems on the server side.
113
113
114 Test connection using the ssh command from the local machine
114 Test connection using the ssh command from the local machine. Make sure
115 to use the use who is running the |RCE| server, and not your username from
116 the web interface.
115
117
116
118
117 For SVN:
119 For SVN:
118
120
119 .. code-block:: bash
121 .. code-block:: bash
120
122
121 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh" svn checkout svn+ssh://rhodecode@rc-server/repo_name
123 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
122
124
123 For GIT:
125 For GIT:
124
126
125 .. code-block:: bash
127 .. code-block:: bash
126
128
127 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh' git clone ssh://rhodecode@rc-server/repo_name
129 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
128
130
129 For Mercurial:
131 For Mercurial:
130
132
131 .. code-block:: bash
133 .. code-block:: bash
132
134
133 Add to hgrc:
135 Add to hgrc:
134
136
135 [ui]
137 [ui]
136 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh
138 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
137
139
138 hg clone ssh://rhodecode@rc-server/repo_name
140 hg clone ssh://rhodecode@rc-server/repo_name
@@ -1,49 +1,51 b''
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <p>
6 <p>
7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
8 </p>
8 </p>
9 <h4>${_('Private key')}</h4>
9 <h4>${_('Private key')}</h4>
10 <pre>
10 <pre>
11 # Save the content as
11 # Save the content as
12 ~/.ssh/id_rsa_rhodecode_access_priv.key
12 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_priv.key
13 # Change permissions
13 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_priv.key
14 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_priv.key
14 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
15
16 # Change permissions to 0600 to make it secure, and usable.
17 e.g chmod 0600 /home/<username>/.ssh/id_rsa_rhodecode_access_priv.key
15 </pre>
18 </pre>
16
19
17 <div>
20 <div>
18 <textarea style="height: 300px">${c.private}</textarea>
21 <textarea style="height: 300px">${c.private}</textarea>
19 </div>
22 </div>
20 <br/>
23 <br/>
21
24
22
23 <h4>${_('Public key')}</h4>
25 <h4>${_('Public key')}</h4>
24 <pre>
26 <pre>
25 # Save the content as
27 # Save the content as
26 ~/.ssh/id_rsa_rhodecode_access_pub.key
28 # Windows: /Users/<username>/.ssh/id_rsa_rhodecode_access_pub.key
27 # Change permissions
29 # macOS: /Users/<yourname>/.ssh/id_rsa_rhodecode_access_pub.key
28 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/<username>/.ssh/id_rsa_rhodecode_access_pub.key
29 </pre>
31 </pre>
30
32
31 <input type="text" value="${c.public}" class="large text" size="100"/>
33 <input type="text" value="${c.public}" class="large text" size="100"/>
32 <p>
34 <p>
33 % if hasattr(c, 'target_form_url'):
35 % if hasattr(c, 'target_form_url'):
34 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
36 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
35 % else:
37 % else:
36 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
38 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
37 % endif
39 % endif
38 ${_('Confirmation required on the next screen')}.
40 ${_('Confirmation required on the next screen')}.
39 </p>
41 </p>
40 </div>
42 </div>
41 </div>
43 </div>
42
44
43 <script>
45 <script>
44
46
45 $(document).ready(function(){
47 $(document).ready(function(){
46
48
47
49
48 });
50 });
49 </script>
51 </script>
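Review bot: The new placeholders `<username>` and `<yourname>` in both `<pre>` blocks appear to be raw angle brackets in an HTML template, so a browser will most likely parse them as unknown tags and show the paths with the placeholder missing (for example `/home//.ssh/id_rsa_rhodecode_access_priv.key`); write them as `&lt;username&gt;` and use one placeholder name on all three lines. The Windows line gives a POSIX-style path, and the `chmod 0600` step has no Windows counterpart, so a Windows user gets no instruction for restricting access to the private key file; consider `C:\Users\&lt;username&gt;\.ssh\...` plus a sentence telling Windows users to limit the file's permissions to their own account. The `e.g chmod 0600 ...` line is not a comment like the lines around it, so it reads as if `e.g` were part of the command; `# e.g. chmod 0600 /home/&lt;username&gt;/.ssh/id_rsa_rhodecode_access_priv.key` would be unambiguous.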