@@ -8,7 +8,7 b' About' | |||||
8 |
|
8 | |||
9 | **Kallithea** is a fast and powerful management tool for Mercurial_ and Git_ |
|
9 | **Kallithea** is a fast and powerful management tool for Mercurial_ and Git_ | |
10 | with a built-in push/pull server, full text search and code-review. It works on |
|
10 | with a built-in push/pull server, full text search and code-review. It works on | |
11 | HTTP/HTTPS, has a built-in permission/authentication system with the ability |
|
11 | HTTP/HTTPS and SSH, has a built-in permission/authentication system with the ability | |
12 | to authenticate via LDAP or ActiveDirectory. Kallithea also provides simple API |
|
12 | to authenticate via LDAP or ActiveDirectory. Kallithea also provides simple API | |
13 | so it's easy to integrate with existing external systems. |
|
13 | so it's easy to integrate with existing external systems. | |
14 |
|
14 | |||
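Review bot: On new line 11, "HTTP/HTTPS and SSH, has a built-in permission/authentication system with the ability to authenticate via LDAP or ActiveDirectory" now reads as if LDAP/ActiveDirectory authentication also covers SSH, while the feature list added in this same change describes SSH access as using server-side public key management. Suggest splitting the sentence so that SSH is paired with public key authentication and LDAP/AD with HTTP/HTTPS. The line also grows past the wrap width of its neighbours and should be re-wrapped.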
@@ -61,6 +61,7 b' Kallithea features' | |||||
61 | - Built for speed and performance. You can make multiple pulls/pushes |
|
61 | - Built for speed and performance. You can make multiple pulls/pushes | |
62 | simultaneously. Proven to work with thousands of repositories and users. |
|
62 | simultaneously. Proven to work with thousands of repositories and users. | |
63 | - Supports HTTP/HTTPS with LDAP, AD, or proxy-pass authentication. |
|
63 | - Supports HTTP/HTTPS with LDAP, AD, or proxy-pass authentication. | |
|
64 | - Supports SSH access with server-side public key management. | |||
64 | - Full permissions (private/read/write/admin) together with IP restrictions for |
|
65 | - Full permissions (private/read/write/admin) together with IP restrictions for | |
65 | each repository, additional explicit forking, repositories group and |
|
66 | each repository, additional explicit forking, repositories group and | |
66 | repository creation permissions. |
|
67 | repository creation permissions. |
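Review bot: The new bullet on line 64 does not say whether the permissions and IP restrictions listed in the following bullet are enforced for SSH access as well. Line 63 names the authentication methods for HTTP/HTTPS explicitly, so suggest wording the SSH bullet the same way: state that authentication is by uploaded public key, and say whether per-repository permissions and IP restrictions apply to SSH connections.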
@@ -92,36 +92,58 b' set ``i18n.lang`` to the desired languag' | |||||
92 | Using Kallithea with SSH |
|
92 | Using Kallithea with SSH | |
93 | ------------------------ |
|
93 | ------------------------ | |
94 |
|
94 | |||
95 | Kallithea currently only hosts repositories using http and https. (The addition |
|
95 | Kallithea supports repository access via SSH key based authentication. | |
96 | of ssh hosting is a planned future feature.) However you can easily use ssh in |
|
96 | ||
97 | parallel with Kallithea. (Repository access via ssh is a standard "out of |
|
97 | .. note:: At this moment, repository access via SSH has been tested on Unix | |
98 | the box" feature of Mercurial_ and you can use this to access any of the |
|
98 | only. Windows users that care about SSH are invited to test it and report | |
99 | repositories that Kallithea is hosting. See PublishingRepositories_) |
|
99 | problems, ideally contributing patches that solve these problems. | |
|
100 | ||||
|
101 | Users and admins can upload SSH public keys (e.g. ``.ssh/id_rsa.pub``) through | |||
|
102 | the web interface. The server's ``.ssh/authorized_keys`` file is automatically | |||
|
103 | maintained with an entry for each SSH key. Each entry will tell ``sshd`` to run | |||
|
104 | ``kallithea-cli`` with the ``ssh-serve`` sub-command and the right Kallithea user ID | |||
|
105 | when encountering the corresponding SSH key. | |||
100 |
|
106 | |||
101 | Kallithea repository structures are kept in directories with the same name |
|
107 | To enable SSH repository access, Kallithea must be configured with the path to | |
102 | as the project. When using repository groups, each group is a subdirectory. |
|
108 | the ``.ssh/authorized_keys`` file for the Kallithea user, and the path to the | |
103 | This allows you to easily use ssh for accessing repositories. |
|
109 | ``kallithea-cli`` command. Put something like this in the ``.ini`` file:: | |
104 |
|
|
110 | ||
105 | In order to use ssh you need to make sure that your web server and the users' |
|
111 | ssh_enabled = true | |
106 | login accounts have the correct permissions set on the appropriate directories. |
|
112 | ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys | |
|
113 | kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli | |||
|
114 | ||||
|
115 | The SSH service must be running, and the Kallithea user account must be active | |||
|
116 | (not necessarily with password access, but public key access must be enabled), | |||
|
117 | all file permissions must be set as sshd wants it, and ``authorized_keys`` must | |||
|
118 | be writeable by the Kallithea user. | |||
107 |
|
119 | |||
108 | .. note:: These permissions are independent of any permissions you |
|
120 | .. note:: The ``authorized_keys`` file will be rewritten from scratch on | |
109 | have set up using the Kallithea web interface. |
|
121 | each update. If it already exists with other data, Kallithea will not | |
|
122 | overwrite the existing ``authorized_keys``, and the server process will | |||
|
123 | instead throw an exception. The system administrator thus cannot ssh | |||
|
124 | directly to the Kallithea user but must use su/sudo from another account. | |||
110 |
|
125 | |||
111 | If your main directory (the same as set in Kallithea settings) is for |
|
126 | If ``/home/kallithea/.ssh/`` (the directory of the path specified in the | |
112 | example set to ``/srv/repos`` and the repository you are using is |
|
127 | ``ssh_authorized_keys`` setting of the ``.ini`` file) does not exist as a | |
113 | named ``kallithea``, then to clone via ssh you should run:: |
|
128 | directory, Kallithea will attempt to create it. If that path exists but is | |
114 |
|
129 | *not* a directory, or is not readable-writable-executable by the server | ||
115 | hg clone ssh://user@kallithea.example.com/srv/repos/kallithea |
|
130 | process, the server process will raise an exception each time it attempts to | |
|
131 | write the ``authorized_keys`` file. | |||
116 |
|
132 | |||
117 | Using other external tools such as mercurial-server_ or using ssh key-based |
|
133 | .. warning:: The handling of SSH access is steered directly by the command | |
118 | authentication is fully supported. |
|
134 | specified in the ``authorized_keys`` file. There is no interaction with the | |
|
135 | web UI. Once SSH access is correctly configured and enabled, it will work | |||
|
136 | regardless of whether the Kallithea web process is actually running. Hence, | |||
|
137 | if you want to perform repository or server maintenance and want to fully | |||
|
138 | disable all access to the repositories, disable SSH access by setting | |||
|
139 | ``ssh_enabled = false`` in the correct ``.ini`` file (i.e. the ``.ini`` file | |||
|
140 | specified in the ``authorized_keys`` file.) | |||
119 |
|
141 | |||
120 | .. note:: In an advanced setup, in order for your ssh access to use |
|
142 | The ``authorized_keys`` file can be updated manually with ``kallithea-cli | |
121 | the same permissions as set up via the Kallithea web |
|
143 | ssh-update-authorized-keys -c my.ini``. This command is not needed in normal | |
122 | interface, you can create an authentication hook to connect |
|
144 | operation but is for example useful after changing SSH-related settings in the | |
123 | to the Kallithea db and run check functions for permissions |
|
145 | ``.ini`` file or renaming that file. (The path to the ``.ini`` file is used in | |
124 | against that. |
|
146 | the generated ``authorized_keys`` file). | |
125 |
|
147 | |||
126 |
|
148 | |||
127 | Setting up Whoosh full text search |
|
149 | Setting up Whoosh full text search |
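Review bot: The note on new lines 120-124 contradicts itself: it says the ``authorized_keys`` file "will be rewritten from scratch on each update" and then that Kallithea "will not overwrite the existing ``authorized_keys``" when it already holds other data. Suggest stating the condition first (a file containing entries that Kallithea did not generate is never overwritten and causes an exception) and then explaining why that means the administrator must use su/sudo instead of a direct ssh login. Two documentation gaps in the same hunk: the removed text said that filesystem permissions for ssh were independent of the permissions set in the web interface, but the new text never states whether ``ssh-serve`` enforces Kallithea's repository permissions for the given user ID; and the removed ``hg clone ssh://...`` example has no replacement, so readers are not told which clone URL to use. On line 117, "all file permissions must be set as sshd wants it" would be more useful if it named the directory and file modes required.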