Issue #5536 - ability to disable server-side SSH key generation...
csalgau -
r3478:6cd9b768 default
@@ -631,6 +631,10
631 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
632 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
633
633
634 ## Enables SSH key generator web interface. Disabling this still allows users
635 ## to add their own keys.
636 ssh.enable_ui_key_generator = true
637
634
638
635 ## Dummy marker to add new entries after.
639 ## Dummy marker to add new entries after.
636 ## Add any custom entries below. Please don't remove.
640 ## Add any custom entries below. Please don't remove.
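Review bot: The comment above `ssh.enable_ui_key_generator` says what the switch does but not why an operator would turn it off. The generator page in this commit renders `${c.private}` in a textarea, so with the option on the server creates the private key and sends it to the browser. I would extend the comment with something like `## When enabled, the private key is created on the server and sent to the browser;` and `## set to false to require users to generate keys locally and upload only the public key.` The same comment block is repeated in the hunks at `@@ -604,6 +604,10` and `@@ -572,6 +572,10`.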
@@ -604,6 +604,10
604 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
604 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
605 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
605 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
606
606
607 ## Enables SSH key generator web interface. Disabling this still allows users
608 ## to add their own keys.
609 ssh.enable_ui_key_generator = true
610
607
611
608 ## Dummy marker to add new entries after.
612 ## Dummy marker to add new entries after.
609 ## Add any custom entries below. Please don't remove.
613 ## Add any custom entries below. Please don't remove.
@@ -73,6 +73,10
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75
75
76 ## Enables SSH key generator web interface. Disabling this still allows users
77 ## to add their own keys.
78 ssh.enable_ui_key_generator = true
79
76
80
77 3. Set base_url for instance to enable proper event handling (Optional):
81 3. Set base_url for instance to enable proper event handling (Optional):
78
82
@@ -71,10 +71,11
71 c = self.load_default_context()
71 c = self.load_default_context()
72
72
73 c.active = 'ssh_keys_generate'
73 c.active = 'ssh_keys_generate'
74 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
74 if c.ssh_key_generator_enabled:
75 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
76 c.target_form_url = h.route_path(
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
77 'my_account_ssh_keys', _query=dict(default_key=c.public))
77 c.target_form_url = h.route_path(
78 'my_account_ssh_keys', _query=dict(default_key=c.public))
78 return self._get_template_context(c)
79 return self._get_template_context(c)
79
80
80 @LoginRequired()
81 @LoginRequired()
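Review bot: The new guard checks only `c.ssh_key_generator_enabled`, while the generator template in this commit renders the key only under `c.ssh_enabled and c.ssh_key_generator_enabled`. With SSH support off and the generator left at its default of on, this view would still call `SshKeyModel().generate_keypair(...)` and create private key material that the page never shows. Using the same condition in the view, `if c.ssh_enabled and c.ssh_key_generator_enabled:`, keeps the two in step. The enclosing view function starts outside the hunk, so I am assuming `c.ssh_enabled` is populated by `load_default_context()` as the context hunk suggests.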
@@ -36,6 +36,7
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')
39
40
40 _string_setting(settings, config_keys.authorized_keys_file_path,
41 _string_setting(settings, config_keys.authorized_keys_file_path,
41 '~/.ssh/authorized_keys_rhodecode',
42 '~/.ssh/authorized_keys_rhodecode',
@@ -24,6 +24,7
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
27 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 enable_debug_logging = 'ssh.enable_debug_logging'
30 enable_debug_logging = 'ssh.enable_debug_logging'
@@ -348,6 +348,8
348 config.get('labs_settings_active', 'false'))
348 config.get('labs_settings_active', 'false'))
349 context.ssh_enabled = str2bool(
349 context.ssh_enabled = str2bool(
350 config.get('ssh.generate_authorized_keyfile', 'false'))
350 config.get('ssh.generate_authorized_keyfile', 'false'))
351 context.ssh_key_generator_enabled = str2bool(
352 config.get('ssh.enable_ui_key_generator', 'true'))
351
353
352 context.visual.allow_repo_location_change = str2bool(
354 context.visual.allow_repo_location_change = str2bool(
353 config.get('allow_repo_location_change', True))
355 config.get('allow_repo_location_change', True))
@@ -55,7 +55,9
55 </div>
55 </div>
56 <div class="input">
56 <div class="input">
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
58 % if c.ssh_key_generator_enabled:
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 % endif
59 </div>
61 </div>
60 </div>
62 </div>
61
63
@@ -70,7 +72,7
70 ${h.reset('reset',_('Reset'),class_="btn")}
72 ${h.reset('reset',_('Reset'),class_="btn")}
71 </div>
73 </div>
72 % if c.default_key:
74 % if c.default_key:
73 ${_('Click add to use this generate SSH key')}
75 ${_('Click add to use this generated SSH key')}
74 % endif
76 % endif
75 </div>
77 </div>
76 </div>
78 </div>
@@ -50,7 +50,9
50 </div>
50 </div>
51 <div class="input">
51 <div class="input">
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
53 % if c.ssh_key_generator_enabled:
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 % endif
54 </div>
56 </div>
55 </div>
57 </div>
56
58
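Review bot: Wrapping the `Generate random RSA key` link in `% if c.ssh_key_generator_enabled:` only removes the entry point; it does not by itself stop the `edit_user_ssh_keys_generate_keypair` route from being requested directly. Only the my-account view is shown gaining a server-side `if c.ssh_key_generator_enabled:` guard, and the admin handler for this route is not among the hunks on this page. If that handler still calls `SshKeyModel().generate_keypair(...)` unconditionally, the shared template would hide the result but the key would still be generated on the server. It should get the same guard so the setting is enforced in the view rather than in the template.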
@@ -1,14 +1,15
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <p>
6 %if c.ssh_enabled and c.ssh_key_generator_enabled:
7 ${_('Below is a 2048 bit generated SSH RSA key.')}<br/>
7 <p>
8 ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')}
8 ${_('Below is a 2048 bit generated SSH RSA key.')}<br/>
9 </p>
9 ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')}
10 <h4>${_('Private key')}</h4>
10 </p>
11 <pre>
11 <h4>${_('Private key')}</h4>
12 <pre>
12 # Save the below content as
13 # Save the below content as
13 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
14 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
14 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
15 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
@@ -16,30 +17,35
16
17
17 # Change permissions to 0600 to make it secure, and usable.
18 # Change permissions to 0600 to make it secure, and usable.
18 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
19 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
19 </pre>
20 </pre>
20
21
21 <div>
22 <div>
22 <textarea style="height: 300px">${c.private}</textarea>
23 <textarea style="height: 300px">${c.private}</textarea>
23 </div>
24 </div>
24 <br/>
25 <br/>
25
26
26 <h4>${_('Public key')}</h4>
27 <h4>${_('Public key')}</h4>
27 <pre>
28 <pre>
28 # Save the below content as
29 # Save the below content as
29 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
30 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
30 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
31 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
31 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
32 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
32 </pre>
33 </pre>
33
34
34 <input type="text" value="${c.public}" class="large text" size="100"/>
35 <input type="text" value="${c.public}" class="large text" size="100"/>
35 <p>
36 <p>
36 % if hasattr(c, 'target_form_url'):
37 % if hasattr(c, 'target_form_url'):
37 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
38 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
38 % else:
39 % else:
39 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
40 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
40 % endif
41 % endif
41 ${_('Confirmation required on the next screen')}.
42 ${_('Confirmation required on the next screen')}.
42 </p>
43 </p>
44 % else:
45 <h2>
46 ${_('SSH key generator has been disabled.')}
47 </h2>
48 % endif
43 </div>
49 </div>
44 </div>
50 </div>
45
51
@@ -572,6 +572,10
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574
574
575 ## Enables SSH key generator web interface. Disabling this still allows users
576 ## to add their own keys.
577 ssh.enable_ui_key_generator = true
578
575
579
576 ## Dummy marker to add new entries after.
580 ## Dummy marker to add new entries after.
577 ## Add any custom entries below. Please don't remove.
581 ## Add any custom entries below. Please don't remove.