svn: fixed case of wrong extracted repository name for SSH backend. In cases where we committed to a nested subdirs SVN reported the access path with the subdir paths in it. We couldn't then match that extended name into proper rhodecode repository for ACL checks. - Current implementation gives a slight overhead as we have to lookup all repositories - fixes #5606

File last commit:

r3478:6cd9b768 default
r4281:5da17e74 default
ssh-connection.rst

SSH Connection

If you wish to connect to your |repos| using the SSH protocol, follow these instructions.

  1. Include the |RCE|-generated authorized_keys file in your sshd_config.

    By default, a file named authorized_keys_rhodecode is created. It contains the configuration and all allowed user connection keys. |RCE| rewrites this file with the current data every time the stored keys change.

    # Edit sshd_config file most likely at /etc/ssh/sshd_config
    # add or edit the AuthorizedKeysFile, and set to use custom files
    
    AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
    

    This way regular SSH access keeps its own file, and SSH access to |RCE| repositories uses a separate one.

  2. Enable the SSH module on the instance.

    On the server where |RCE| is running, execute:

    rccontrol enable-module ssh {instance-id}
    

    This will add the following configuration to :file:`rhodecode.ini`. This can also be done manually:

    ############################################################
    ### SSH Support Settings                                 ###
    ############################################################
    
    ## Defines if a custom authorized_keys file should be created and written on
    ## any change of user SSH keys. Setting this to false also disables the
    ## possibility of adding SSH keys by users from the web interface. Super admins
    ## can still manage SSH keys.
    ssh.generate_authorized_keyfile = true
    
    ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
    # ssh.authorized_keys_ssh_opts =
    
    ## Path to the authorized_keys file where the generated entries are placed.
    ## It is possible to have multiple key files specified in `sshd_config` e.g.
    ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
    ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
    
    ## Command to execute the SSH wrapper. The binary is available in the
    ## rhodecode installation directory.
    ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
    ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
    
    ## Allow shell when executing the ssh-wrapper command
    ssh.wrapper_cmd_allow_shell = false
    
    ## Enables logging, and detailed output sent back to the client during SSH
    ## operations. Useful for debugging, shouldn't be used in production.
    ssh.enable_debug_logging = false
    
    ## Paths to binary executable, by default they are the names, but we can
    ## override them if we want to use a custom one
    ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
    ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
    ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
    
    ## Enables SSH key generator web interface. Disabling this still allows users
    ## to add their own keys.
    ssh.enable_ui_key_generator = true
    
  3. Set base_url for instance to enable proper event handling (Optional):

    If you wish to have integrations working correctly via SSH, configure the application base_url.

    Use the rccontrol status command to view instance details. The hostname is required for the integration to properly set the instance URL.

    When your hostname is known (e.g. https://code.rhodecode.com), set it inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`.

    Add the following configuration to the [app:main] section:

    app.base_url = https://code.rhodecode.com
    
  4. Add the public key to your user account for testing. First generate a new key, or use your existing one and have your public key at hand.

    Go to :menuselection:`My Account --> SSH Keys` and add the public key with a proper description.

    This will generate a new entry inside the configured authorized_keys_rhodecode file.

    Test the connection from your local machine using the following example:

    Note

    In case of connection problems, set ssh.enable_debug_logging = true inside the SSH configuration of :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`. Then add, remove your SSH key and try connecting again. Debug logging will be printed to help find the problems on the server side.

    Test the connection using the ssh command from the local machine. Make sure to use the user who is running the |RCE| server, and not your username from the web interface.

    For SVN:

    SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
    

    For GIT:

    GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
    

    For Mercurial:

    Add to hgrc:
    
    [ui]
    ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
    
    hg clone ssh://rhodecode@rc-server/repo_name
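
Once the steps above are done, every key in authorized_keys_rhodecode should be locked to the SSH wrapper and carry the restrictive options listed for ssh.authorized_keys_ssh_opts. The following check is an added example, not part of the |RCE| documentation or code base; it assumes standard OpenSSH authorized_keys syntax, and the sample entries, wrapper arguments and key material are constructed placeholders.

```python
import re

# Defaults the page lists for ssh.authorized_keys_ssh_opts (matched case-insensitively).
REQUIRED = ("no-pty", "no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: a bare name, or name="value" where the value may hold commas and spaces.
OPT_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def parse_options(line):
    """Return the options field of one authorized_keys entry as {name: value}."""
    if line.startswith(KEY_TYPES):
        return {}  # entry begins with the key type: it has no options at all
    in_quotes, end = False, len(line)
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            end = i  # first unquoted whitespace ends the options field
            break
    return {m.group(1).lower(): m.group(2) for m in OPT_RE.finditer(line[:end])}

def audit(text, wrapper="rc-ssh-wrapper"):
    """Return [(line_number, problem)] for entries not locked to the wrapper."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        command = opts.get("command")
        if command is None:
            findings.append((number, "no forced command: key is not limited to the wrapper"))
        elif wrapper not in command:
            findings.append((number, "forced command does not call " + wrapper))
        # OpenSSH's `restrict` option disables pty and all forwarding in one go.
        missing = [] if "restrict" in opts else [o for o in REQUIRED if o.lower() not in opts]
        if missing:
            findings.append((number, "missing options: " + ",".join(missing)))
    return findings

# Constructed sample; wrapper arguments and key material are placeholders.
WRAP = 'command="/home/rhodecode/.rccontrol/community-1/rc-ssh-wrapper PLACEHOLDER_ARGS"'
SAMPLE = "\n".join([
    WRAP + ",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAconstructed1 alice",
    WRAP + ",no-pty ssh-ed25519 AAAAconstructed2 bob",
    "ssh-rsa AAAAconstructed3 admin@laptop"])

if __name__ == "__main__":
    print(*(f"line {n}: {p}" for n, p in audit(SAMPLE)), sep="\n")
```

To check a real file, pass its contents to audit(); an empty result means every entry is pinned to the wrapper with the restrictive options in place.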