##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

sslutil: introduce a function for determining host-specific settings...
sslutil: introduce a function for determining host-specific settings This patch marks the beginning of a series that introduces a new, more configurable, per-host security settings mechanism. Currently, we have global settings (like web.cacerts and the --insecure argument). We also have per-host settings via [hostfingerprints]. Global security settings are good for defaults, but they don't provide the amount of control often wanted. For example, an organization may want to require a particular CA is used for a particular hostname. [hostfingerprints] is nice. But it currently assumes SHA-1. Furthermore, there is no obvious place to put additional per-host settings. Subsequent patches will be introducing new mechanisms for defining security settings, some on a per-host basis. This commits starts the transition to that world by introducing the _hostsettings function. It takes a ui and hostname and returns a dict of security settings. Currently, it limits itself to returning host fingerprint info. We foreshadow the future support of non-SHA1 hashing algorithms for verifying the host fingerprint by making the "certfingerprints" key a list of tuples instead of a list of hashes. We add this dict to the hgstate property on the socket and use it during socket validation for checking fingerprints. There should be no change in behavior.
Sean Farley - - Load All Authors

File last commit:

r29090:7b52cb38 stable
r29258:6315c1e1 default
Show More
hg-ssh.8.txt
71 lines | 1.8 KiB | text/plain | TextLexer
/ mercurial / help / hg-ssh.8.txt
History | Annotation | Raw |Copy content |Copy permalink
========
hg-ssh
========
----------------------------------------
restricted ssh login shell for Mercurial
----------------------------------------
:Author: Thomas Arendsen Hein <thomas@intevation.de>
:Organization: Mercurial
:Manual section: 8
:Manual group: Mercurial Manual
.. contents::
:backlinks: top
:class: htmlonly
:depth: 1
Synopsis
""""""""
**hg-ssh** repositories...
Description
"""""""""""
**hg-ssh** is a wrapper for ssh access to a limited set of mercurial repos.
To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8):
command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ...
(probably together with these other useful options:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding)
This allows pull/push over ssh from/to the repositories given as arguments.
If all your repositories are subdirectories of a common directory, you can
allow shorter paths with:
command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2"
You can use pattern matching of your normal shell, e.g.:
command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}"
You can also add a --read-only flag to allow read-only access to a key, e.g.:
command="hg-ssh --read-only repos/\*"
Bugs
""""
Probably lots, please post them to the mailing list (see Resources_
below) when you find them.
See Also
""""""""
|hg(1)|_
Author
""""""
Written by Matt Mackall <mpm@selenic.com>
Resources
"""""""""
Main Web Site: https://mercurial-scm.org/
Source code repository: http://selenic.com/hg
Mailing list: http://selenic.com/mailman/listinfo/mercurial
Copying
"""""""
Copyright (C) 2005-2016 Matt Mackall.
Free use of this software is granted under the terms of the GNU General
Public License version 2 or any later version.
.. include:: common.txt