While jenkins tests this and shows the error, i'll point out that this endif generates syntax error. Should be % endif
Pull request !2275 From Wed, 13 Feb 2019 21:07:07
Shadow repository data not available.
Closed,
Approved
- calculated based on 3 reviewers votes
- Issue #5536 - ability to disable server-side SSH key generation
Pull request versions not available.
| Time | Author | Commit | Description | |
|---|---|---|---|---|
r3208:7d47a18b6391
|
|
|||
r3207:55f6d5276de9
|
|
|||
r3206:c02cc55651b4
|
|
Add another comment
TODOs:
0 unresolved
2 Resolved
| @@ -630,6 +630,10 | |||
|
|
630 | 630 | ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git |
|
|
631 | 631 | ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve |
|
|
632 | 632 | |
|
|
633 | ## Enables SSH key generator web interface. Disabling this still allows users | |
|
|
634 | ## to add their own keys. | |
|
|
635 | ssh.enable_ui_key_generator = true | |
|
|
636 | ||
|
|
633 | 637 | |
|
|
634 | 638 | ## Dummy marker to add new entries after. |
|
|
635 | 639 | ## Add any custom entries below. Please don't remove. |
| @@ -602,6 +602,10 | |||
|
|
602 | 602 | ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git |
|
|
603 | 603 | ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve |
|
|
604 | 604 | |
|
|
605 | ## Enables SSH key generator web interface. Disabling this still allows users | |
|
|
606 | ## to add their own keys. | |
|
|
607 | ssh.enable_ui_key_generator = true | |
|
|
608 | ||
|
|
605 | 609 | |
|
|
606 | 610 | ## Dummy marker to add new entries after. |
|
|
607 | 611 | ## Add any custom entries below. Please don't remove. |
| @@ -73,6 +73,10 | |||
|
|
73 | 73 | ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git |
|
|
74 | 74 | ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve |
|
|
75 | 75 | |
|
|
76 | ## Enables SSH key generator web interface. Disabling this still allows users | |
|
|
77 | ## to add their own keys. | |
|
|
78 | ssh.enable_ui_key_generator = true | |
|
|
79 | ||
|
|
76 | 80 | |
|
|
77 | 81 | 3. Set base_url for instance to enable proper event handling (Optional): |
|
|
78 | 82 | |
| @@ -71,10 +71,11 | |||
|
|
71 | 71 | c = self.load_default_context() |
|
|
72 | 72 | |
|
|
73 | 73 | c.active = 'ssh_keys_generate' |
|
|
74 | comment = 'RhodeCode-SSH {}'.format(c.user.email or '') | |
|
|
75 | c.private, c.public = SshKeyModel().generate_keypair(comment=comment) | |
|
|
76 | c.target_form_url = h.route_path( | |
|
|
77 | 'my_account_ssh_keys', _query=dict(default_key=c.public)) | |
|
|
74 | if c.ssh_key_generator_enabled: | |
|
|
75 | comment = 'RhodeCode-SSH {}'.format(c.user.email or '') | |
|
|
76 | c.private, c.public = SshKeyModel().generate_keypair(comment=comment) | |
|
|
77 | c.target_form_url = h.route_path( | |
|
|
78 | 'my_account_ssh_keys', _query=dict(default_key=c.public)) | |
|
|
78 | 79 | return self._get_template_context(c) |
|
|
79 | 80 | |
|
|
80 | 81 | @LoginRequired() |
| @@ -36,6 +36,7 | |||
|
|
36 | 36 | _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false') |
|
|
37 | 37 | _bool_setting(settings, config_keys.wrapper_allow_shell, 'false') |
|
|
38 | 38 | _bool_setting(settings, config_keys.enable_debug_logging, 'false') |
|
|
39 | _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true') | |
|
|
39 | 40 | |
|
|
40 | 41 | _string_setting(settings, config_keys.authorized_keys_file_path, |
|
|
41 | 42 | '~/.ssh/authorized_keys_rhodecode', |
| @@ -24,6 +24,7 | |||
|
|
24 | 24 | generate_authorized_keyfile = 'ssh.generate_authorized_keyfile' |
|
|
25 | 25 | authorized_keys_file_path = 'ssh.authorized_keys_file_path' |
|
|
26 | 26 | authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts' |
|
|
27 | ssh_key_generator_enabled = 'ssh.enable_ui_key_generator' | |
|
|
27 | 28 | wrapper_cmd = 'ssh.wrapper_cmd' |
|
|
28 | 29 | wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell' |
|
|
29 | 30 | enable_debug_logging = 'ssh.enable_debug_logging' |
| @@ -343,6 +343,8 | |||
|
|
343 | 343 | config.get('labs_settings_active', 'false')) |
|
|
344 | 344 | context.ssh_enabled = str2bool( |
|
|
345 | 345 | config.get('ssh.generate_authorized_keyfile', 'false')) |
|
|
346 | context.ssh_key_generator_enabled = str2bool( | |
|
|
347 | config.get('ssh.enable_ui_key_generator', 'true')) | |
|
|
346 | 348 | |
|
|
347 | 349 | context.visual.allow_repo_location_change = str2bool( |
|
|
348 | 350 | config.get('allow_repo_location_change', True)) |
| @@ -55,7 +55,9 | |||
|
|
55 | 55 | </div> |
|
|
56 | 56 | <div class="input"> |
|
|
57 | 57 | ${h.text('description', class_='medium', placeholder=_('Description'))} |
|
|
58 | <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a> | |
|
|
58 | % if c.ssh_key_generator_enabled: | |
|
|
59 | <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a> | |
|
|
60 | % endif | |
|
|
59 | 61 | </div> |
|
|
60 | 62 | </div> |
|
|
61 | 63 | |
| @@ -70,7 +72,7 | |||
|
|
70 | 72 | ${h.reset('reset',_('Reset'),class_="btn")} |
|
|
71 | 73 | </div> |
|
|
72 | 74 | % if c.default_key: |
|
|
73 | ${_('Click add to use this generate SSH key')} | |
|
|
75 | ${_('Click add to use this generated SSH key')} | |
|
|
74 | 76 | % endif |
|
|
75 | 77 | </div> |
|
|
76 | 78 | </div> |
| @@ -50,7 +50,9 | |||
|
|
50 | 50 | </div> |
|
|
51 | 51 | <div class="input"> |
|
|
52 | 52 | ${h.text('description', class_='medium', placeholder=_('Description'))} |
|
|
53 | <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a> | |
|
|
53 | % if c.ssh_key_generator_enabled: | |
|
|
54 | <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a> | |
|
|
55 | % endif | |
|
|
54 | 56 | </div> |
|
|
55 | 57 | </div> |
|
|
56 | 58 | |
| @@ -1,13 +1,14 | |||
|
|
1 | 1 | <div class="panel panel-default"> |
|
|
2 | 2 | <div class="panel-heading"> |
|
|
3 |
<h3 class="panel-title">${_('New SSH Key generat |
|
|
|
3 | <h3 class="panel-title">${_('New SSH Key generation')}</h3> | |
|
|
4 | 4 | </div> |
|
|
5 | 5 | <div class="panel-body"> |
|
|
6 | <p> | |
|
|
7 | ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')} | |
|
|
8 | </p> | |
|
|
9 | <h4>${_('Private key')}</h4> | |
|
|
10 | <pre> | |
|
|
6 | %if c.ssh_enabled and c.ssh_key_generator_enabled: | |
|
|
7 | <p> | |
|
|
8 | ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')} | |
|
|
9 | </p> | |
|
|
10 | <h4>${_('Private key')}</h4> | |
|
|
11 | <pre> | |
|
|
11 | 12 | # Save the below content as |
|
|
12 | 13 | # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key |
|
|
13 | 14 | # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key |
| @@ -15,30 +16,35 | |||
|
|
15 | 16 | |
|
|
16 | 17 | # Change permissions to 0600 to make it secure, and usable. |
|
|
17 | 18 | e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key |
|
|
18 | </pre> | |
|
|
19 | </pre> | |
|
|
19 | 20 | |
|
|
20 | <div> | |
|
|
21 | <textarea style="height: 300px">${c.private}</textarea> | |
|
|
22 | </div> | |
|
|
23 | <br/> | |
|
|
21 | <div> | |
|
|
22 | <textarea style="height: 300px">${c.private}</textarea> | |
|
|
23 | </div> | |
|
|
24 | <br/> | |
|
|
24 | 25 | |
|
|
25 | <h4>${_('Public key')}</h4> | |
|
|
26 | <pre> | |
|
|
26 | <h4>${_('Public key')}</h4> | |
|
|
27 | <pre> | |
|
|
27 | 28 | # Save the below content as |
|
|
28 | 29 | # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key |
|
|
29 | 30 | # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key |
|
|
30 | 31 | # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key |
|
|
31 | </pre> | |
|
|
32 | </pre> | |
|
|
32 | 33 | |
|
|
33 | <input type="text" value="${c.public}" class="large text" size="100"/> | |
|
|
34 | <p> | |
|
|
35 | % if hasattr(c, 'target_form_url'): | |
|
|
36 | <a href="${c.target_form_url}">${_('Use this generated key')}.</a> | |
|
|
37 | % else: | |
|
|
38 | <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a> | |
|
|
39 | % endif | |
|
|
40 | ${_('Confirmation required on the next screen')}. | |
|
|
41 | </p> | |
|
|
34 | <input type="text" value="${c.public}" class="large text" size="100"/> | |
|
|
35 | <p> | |
|
|
36 | % if hasattr(c, 'target_form_url'): | |
|
|
37 | <a href="${c.target_form_url}">${_('Use this generated key')}.</a> | |
|
|
38 | % else: | |
|
|
39 | <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a> | |
|
|
40 | % endif | |
|
|
41 | ${_('Confirmation required on the next screen')}. | |
|
|
42 | </p> | |
|
|
43 | % else: | |
|
|
44 | <h2> | |
|
|
45 |
${_('SSH key generator has been disabled.')}
|
|
|
|
46 | </h2> | |
|
|
47 | % endif | |
|
|
42 | 48 | </div> |
|
|
43 | 49 | </div> |
|
|
44 | 50 | |
| @@ -572,6 +572,10 | |||
|
|
572 | 572 | ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git |
|
|
573 | 573 | ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve |
|
|
574 | 574 | |
|
|
575 | ## Enables SSH key generator web interface. Disabling this still allows users | |
|
|
576 | ## to add their own keys. | |
|
|
577 |
ssh.enable_ui_key_generator = true
|
|
|
|
578 | ||
|
|
575 | 579 | |
|
|
576 | 580 | ## Dummy marker to add new entries after. |
|
|
577 | 581 | ## Add any custom entries below. Please don't remove. |
Comments 23
there are 16 general comments from older versions,
show them
Pull request updated. Auto status change to "Under Review"
Changed commits: * 1 added * 0 removed Changed files: * M rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
CLA FOUND and APPROVED
So I'm going to make a small complaint about the fact that the public repository is missing the 4.15 branch and my test instance is up-to-date. This makes syncing things less than straight forward. Also, for some reason it looked to me like both build bot posts pointed to the same file. Looks ok now.
Yeah, i'd realized that now that infact 4.15 is not pushed to the public instance... This should be done automatically.
I'll make sure we re-sync the codebase today.
Build Succeeded!
Thank you for this contribution. This looks ok, i'll merge this manually on top of our current default develop branch.
Closing with status change > Approved.