Pull request !2275 From Wed, 13 Feb 2019 21:07:07
Closed, Approved - calculated based on 3 reviewers votes
  • Issue #5536 - ability to disable server-side SSH key generation
Commits:
  • r3208:7d47a18b6391: Issue #5536 - another template typo
  • r3207:55f6d5276de9: Issue #5536 - template typo. also make variable names more explicit
  • r3206:c02cc55651b4: Issue #5536 - ability to disable server-side SSH key generation
@@ -40,7 +40,7
40 % endif
40 % endif
41 ${_('Confirmation required on the next screen')}.
41 ${_('Confirmation required on the next screen')}.
42 </p>
42 </p>
43 % elif:
43 % else:

I did have that fixed on the live template. I just didn't sync it.

44 <h2>
44 <h2>
45 ${_('SSH key generator has been disabled.')}
45 ${_('SSH key generator has been disabled.')}
46 </h2>
46 </h2>
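Review bot: The `% else:` branch on line 43 is also taken when `c.ssh_enabled` is false, because the opening test of this template is `%if c.ssh_enabled and c.ssh_key_generator_enabled:`. 'SSH key generator has been disabled.' is therefore shown even when the generator setting is on and SSH support itself is off. Consider splitting the two cases, or wording the message to cover both, so an administrator reading the page is pointed at the right setting.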
@@ -630,9 +630,9
630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632
632
633 ## Enables SSH Key generator web interface. Disabling this still allows users
633 ## Enables SSH key generator web interface. Disabling this still allows users
634 ## to add their own keys.
634 ## to add their own keys.
635 ssh.enable_generator = true
635 ssh.enable_ui_key_generator = true
636
636
637
637
638 ## Dummy marker to add new entries after.
638 ## Dummy marker to add new entries after.
@@ -602,9 +602,9
602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
604
604
605 ## Enables SSH Key generator web interface. Disabling this still allows users
605 ## Enables SSH key generator web interface. Disabling this still allows users
606 ## to add their own keys.
606 ## to add their own keys.
607 ssh.enable_generator = true
607 ssh.enable_ui_key_generator = true
608
608
609
609
610 ## Dummy marker to add new entries after.
610 ## Dummy marker to add new entries after.
@@ -73,9 +73,9
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75
75
76 ## Enables SSH Key generator web interface. Disabling this still allows users
76 ## Enables SSH key generator web interface. Disabling this still allows users
77 ## to add their own keys.
77 ## to add their own keys.
78 ssh.enable_generator = true
78 ssh.enable_ui_key_generator = true
79
79
80
80
81 3. Set base_url for instance to enable proper event handling (Optional):
81 3. Set base_url for instance to enable proper event handling (Optional):
@@ -71,7 +71,7
71 c = self.load_default_context()
71 c = self.load_default_context()
72
72
73 c.active = 'ssh_keys_generate'
73 c.active = 'ssh_keys_generate'
74 if c.ssh_generator_enabled:
74 if c.ssh_key_generator_enabled:
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
77 c.target_form_url = h.route_path(
77 c.target_form_url = h.route_path(
@@ -36,7 +36,7
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_generator_enabled, 'true')
39 _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')
40
40
41 _string_setting(settings, config_keys.authorized_keys_file_path,
41 _string_setting(settings, config_keys.authorized_keys_file_path,
42 '~/.ssh/authorized_keys_rhodecode',
42 '~/.ssh/authorized_keys_rhodecode',
@@ -24,7 +24,7
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_generator_enabled = 'ssh.enable_generator'
27 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
28 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_cmd = 'ssh.wrapper_cmd'
29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
30 enable_debug_logging = 'ssh.enable_debug_logging'
30 enable_debug_logging = 'ssh.enable_debug_logging'
@@ -343,8 +343,8
343 config.get('labs_settings_active', 'false'))
343 config.get('labs_settings_active', 'false'))
344 context.ssh_enabled = str2bool(
344 context.ssh_enabled = str2bool(
345 config.get('ssh.generate_authorized_keyfile', 'false'))
345 config.get('ssh.generate_authorized_keyfile', 'false'))
346 context.ssh_generator_enabled = str2bool(
346 context.ssh_key_generator_enabled = str2bool(
347 config.get('ssh.enable_generator', 'true'))
347 config.get('ssh.enable_ui_key_generator', 'true'))
348
348
349 context.visual.allow_repo_location_change = str2bool(
349 context.visual.allow_repo_location_change = str2bool(
350 config.get('allow_repo_location_change', True))
350 config.get('allow_repo_location_change', True))
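Review bot: Lines 346-347 repeat the literal `'ssh.enable_ui_key_generator'` and its `'true'` default, both of which are already defined once through `config_keys.ssh_key_generator_enabled` and `_bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')`; this rename had to touch the string in both places. If the two drift apart, `config.get` finds nothing under the stale name and falls back to `'true'`, so the generator is reported as enabled regardless of what the operator configured. Reading the key through the `config_keys` constant here removes that fail-open path.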
@@ -55,9 +55,9
55 </div>
55 </div>
56 <div class="input">
56 <div class="input">
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 % if c.ssh_generator_enabled:
58 % if c.ssh_key_generator_enabled:
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 $ endif
60 % endif

fixed in r3207

61 </div>
61 </div>
62 </div>
62 </div>
63
63
Unmatched inline comments below
Unmatched comments below
note

+1 for spelling fix ;)

@@ -50,7 +50,7
50 </div>
50 </div>
51 <div class="input">
51 <div class="input">
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 % if c.ssh_generator_enabled:
53 % if c.ssh_key_generator_enabled:
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 % endif
55 % endif
56 </div>
56 </div>
@@ -3,7 +3,7
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 %if c.ssh_enabled and c.ssh_generator_enabled:
6 %if c.ssh_enabled and c.ssh_key_generator_enabled:
7 <p>
7 <p>
8 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
8 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
9 </p>
9 </p>
@@ -572,9 +572,9
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574
574
575 ## Enables SSH Key generator web interface. Disabling this still allows users
575 ## Enables SSH key generator web interface. Disabling this still allows users
576 ## to add their own keys.
576 ## to add their own keys.
577 ssh.enable_generator = true
577 ssh.enable_ui_key_generator = true
578
578
579
579
580 ## Dummy marker to add new entries after.
580 ## Dummy marker to add new entries after.
@@ -630,6 +630,10
630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632
632
633 ## Enables SSH Key generator web interface. Disabling this still allows users
634 ## to add their own keys.
635 ssh.enable_generator = true
636
633
637
634 ## Dummy marker to add new entries after.
638 ## Dummy marker to add new entries after.
635 ## Add any custom entries below. Please don't remove.
639 ## Add any custom entries below. Please don't remove.
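Review bot: The comment on new lines 633-634 only mentions the "web interface" and does not say what is actually switched off. With the default of `true` the server creates the private key itself (`SshKeyModel().generate_keypair`) and renders it into the page, which is the behaviour operators who require user-generated keys will want to disable. Suggest saying so in the comment, for example "## Enables server-side generation of SSH key pairs from the web interface.", and applying the same wording to the other configuration hunks in this diff that add the identical block.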
@@ -602,6 +602,10
602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
602 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
603 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
604
604
605 ## Enables SSH Key generator web interface. Disabling this still allows users
606 ## to add their own keys.
607 ssh.enable_generator = true
608
605
609
606 ## Dummy marker to add new entries after.
610 ## Dummy marker to add new entries after.
607 ## Add any custom entries below. Please don't remove.
611 ## Add any custom entries below. Please don't remove.
@@ -73,6 +73,10
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75
75
76 ## Enables SSH Key generator web interface. Disabling this still allows users
77 ## to add their own keys.
78 ssh.enable_generator = true
79
76
80
77 3. Set base_url for instance to enable proper event handling (Optional):
81 3. Set base_url for instance to enable proper event handling (Optional):
78
82
@@ -71,10 +71,11
71 c = self.load_default_context()
71 c = self.load_default_context()
72
72
73 c.active = 'ssh_keys_generate'
73 c.active = 'ssh_keys_generate'
74 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
74 if c.ssh_generator_enabled:
75 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
76 c.target_form_url = h.route_path(
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
77 'my_account_ssh_keys', _query=dict(default_key=c.public))
77 c.target_form_url = h.route_path(
78 'my_account_ssh_keys', _query=dict(default_key=c.public))
78 return self._get_template_context(c)
79 return self._get_template_context(c)
79
80
80 @LoginRequired()
81 @LoginRequired()
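Review bot: The `if c.ssh_generator_enabled:` guard on new line 74 is the only server-side check in this diff, and it covers the view that targets `my_account_ssh_keys`; for the admin route `edit_user_ssh_keys_generate_keypair` only the link is hidden in the template, and no change to its view appears here. Suggest adding the same guard to that view so the setting is enforced in the handler and not only by what the UI chooses to display. When the flag is off this view also still returns the generator page with a normal response; a redirect back to the key list or a 404 would make the disabled state explicit.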
@@ -36,6 +36,7
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_generator_enabled, 'true')
39
40
40 _string_setting(settings, config_keys.authorized_keys_file_path,
41 _string_setting(settings, config_keys.authorized_keys_file_path,
41 '~/.ssh/authorized_keys_rhodecode',
42 '~/.ssh/authorized_keys_rhodecode',
@@ -24,6 +24,7
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_generator_enabled = 'ssh.enable_generator'
27 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 enable_debug_logging = 'ssh.enable_debug_logging'
30 enable_debug_logging = 'ssh.enable_debug_logging'
@@ -343,6 +343,8
343 config.get('labs_settings_active', 'false'))
343 config.get('labs_settings_active', 'false'))
344 context.ssh_enabled = str2bool(
344 context.ssh_enabled = str2bool(
345 config.get('ssh.generate_authorized_keyfile', 'false'))
345 config.get('ssh.generate_authorized_keyfile', 'false'))
346 context.ssh_generator_enabled = str2bool(
347 config.get('ssh.enable_generator', 'true'))
346
348
347 context.visual.allow_repo_location_change = str2bool(
349 context.visual.allow_repo_location_change = str2bool(
348 config.get('allow_repo_location_change', True))
350 config.get('allow_repo_location_change', True))
@@ -55,7 +55,9
55 </div>
55 </div>
56 <div class="input">
56 <div class="input">
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
58 % if c.ssh_generator_enabled:
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 $ endif
59 </div>
61 </div>
60 </div>
62 </div>
61
63
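Review bot: New line 60 reads `$ endif`, which is not a Mako control line, so the `% if c.ssh_generator_enabled:` opened on line 58 is never closed and the template will not compile. It should be `% endif`.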
@@ -70,7 +72,7
70 ${h.reset('reset',_('Reset'),class_="btn")}
72 ${h.reset('reset',_('Reset'),class_="btn")}
71 </div>
73 </div>
72 % if c.default_key:
74 % if c.default_key:
73 ${_('Click add to use this generate SSH key')}
75 ${_('Click add to use this generated SSH key')}
note

+1 for spelling fix ;)

74 % endif
76 % endif
75 </div>
77 </div>
76 </div>
78 </div>
@@ -50,7 +50,9
50 </div>
50 </div>
51 <div class="input">
51 <div class="input">
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
53 % if c.ssh_generator_enabled:
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 % endif
54 </div>
56 </div>
55 </div>
57 </div>
56
58
@@ -1,13 +1,14
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <p>
6 %if c.ssh_enabled and c.ssh_generator_enabled:
7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
7 <p>
8 </p>
8 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
9 <h4>${_('Private key')}</h4>
9 </p>
10 <pre>
10 <h4>${_('Private key')}</h4>
11 <pre>
11 # Save the below content as
12 # Save the below content as
12 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
13 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
13 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
14 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
@@ -15,30 +16,35
15
16
16 # Change permissions to 0600 to make it secure, and usable.
17 # Change permissions to 0600 to make it secure, and usable.
17 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
18 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
18 </pre>
19 </pre>
19
20
20 <div>
21 <div>
21 <textarea style="height: 300px">${c.private}</textarea>
22 <textarea style="height: 300px">${c.private}</textarea>
22 </div>
23 </div>
23 <br/>
24 <br/>
24
25
25 <h4>${_('Public key')}</h4>
26 <h4>${_('Public key')}</h4>
26 <pre>
27 <pre>
27 # Save the below content as
28 # Save the below content as
28 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
29 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
29 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
30 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
30 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
31 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
31 </pre>
32 </pre>
32
33
33 <input type="text" value="${c.public}" class="large text" size="100"/>
34 <input type="text" value="${c.public}" class="large text" size="100"/>
34 <p>
35 <p>
35 % if hasattr(c, 'target_form_url'):
36 % if hasattr(c, 'target_form_url'):
36 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
37 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
37 % else:
38 % else:
38 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
39 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
39 % endif
40 % endif
40 ${_('Confirmation required on the next screen')}.
41 ${_('Confirmation required on the next screen')}.
41 </p>
42 </p>
43 % elif:
44 <h2>
45 ${_('SSH key generator has been disabled.')}
46 </h2>
47 % endif
42 </div>
48 </div>
43 </div>
49 </div>
44
50
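Review bot: `% elif:` on new line 43 has no condition, which is not valid Mako; since this is the fallback for `%if c.ssh_enabled and c.ssh_generator_enabled:` it should be `% else:`. A render test of this template with the generator disabled would catch this kind of typo before review.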
@@ -572,6 +572,10
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574
574
575 ## Enables SSH Key generator web interface. Disabling this still allows users
576 ## to add their own keys.
577 ssh.enable_generator = true
578
575
579
576 ## Dummy marker to add new entries after.
580 ## Dummy marker to add new entries after.
577 ## Add any custom entries below. Please don't remove.
581 ## Add any custom entries below. Please don't remove.
Comments 23
note
Under Review

Pull request updated. Auto status change to "Under Review"

Changed commits:
  * 1 added
  * 0 removed

Changed files:
  * M rhodecode/templates/admin/users/user_edit_ssh_keys_generate.mako
note
Approved

CLA FOUND and APPROVED

note

So I'm going to make a small complaint about the fact that the public repository is missing the 4.15 branch and my test instance is up-to-date. This makes syncing things less than straightforward. Also, for some reason it looked to me like both build bot posts pointed to the same file. Looks ok now.

note

Yeah, I'd realized now that in fact 4.15 is not pushed to the public instance... This should be done automatically.
I'll make sure we re-sync the codebase today.

note
Approved

Build Succeeded!

note
Approved

Thank you for this contribution. This looks ok, I'll merge this manually on top of our current default develop branch.

note
Approved

Closing with status change > Approved.