Show More
| @@ -93,6 +93,31 b' Using Kallithea with SSH' | |||
|
|
93 | 93 | ------------------------ |
|
|
94 | 94 | |
|
|
95 | 95 | Kallithea supports repository access via SSH key based authentication. |
|
|
96 | This means: | |
|
|
97 | ||
|
|
98 | - repository URLs like ``ssh://kallithea@example.com/name/of/repository`` | |
|
|
99 | ||
|
|
100 | - all network traffic for both read and write happens over the SSH protocol on | |
|
|
101 | port 22, without using HTTP/HTTPS nor the Kallithea WSGI application | |
|
|
102 | ||
|
|
103 | - encryption and authentication protocols are managed by the system's ``sshd`` | |
|
|
104 | process, with all users using the same Kallithea system user (e.g. | |
|
|
105 | ``kallithea``) when connecting to the SSH server, but with users' public keys | |
|
|
106 | in the Kallithea system user's `.ssh/authorized_keys` file granting each user | |
|
|
107 | sandboxed access to the repositories. | |
|
|
108 | ||
|
|
109 | - users and admins can manage SSH public keys in the web UI | |
|
|
110 | ||
|
|
111 | - in their SSH client configuration, users can configure how the client should | |
|
|
112 | control access to their SSH key - without passphrase, with passphrase, and | |
|
|
113 | optionally with passphrase caching in the local shell session (``ssh-agent``). | |
|
|
114 | This is standard SSH functionality, not something Kallithea provides or | |
|
|
115 | interferes with. | |
|
|
116 | ||
|
|
117 | - network communication between client and server happens in a bidirectional | |
|
|
118 | stateful stream, and will in some cases be faster than HTTP/HTTPS with several | |
|
|
119 | stateless round-trips. | |
|
|
120 | ||
|
|
96 | 121 | |
|
|
97 | 122 | .. note:: At this moment, repository access via SSH has been tested on Unix |
|
|
98 | 123 | only. Windows users that care about SSH are invited to test it and report |
General Comments 0
You need to be logged in to leave comments.
Login now