Specifying an alternate ssh key

Kurt Granroth kurt.mercurial at granroth.com
Thu Apr 1 10:03:03 CDT 2010


On 3/31/10 12:30 PM, Martin Geisler wrote:
> Kurt Granroth <kurt.mercurial at granroth.com> writes:
>
>> How do you specify a specific ssh key file in Mercurial?
>>
>> All of our repositories are accessed entirely via ssh.  Certain
>> 'special' repos have shared ssh keys that are given to whoever needs
>> access to that repo.  As a result, though, we have a case where a single
>> user may access, say, 5 repositories using 5 separate keys.
>>
>> Is there a way to do this in Mercurial?  If not, any ideas on how this
>> can be accomplished directly at the SSH layer (Unix and Putty).
>
> You can create a short name for your connection in both systems. In Unix
> you add the following to your ~/.ssh/config file:
>
>    Host repoX
>    Hostname server.yourdomain.com
>    User hg
>    IdentityFile ~/.ssh/repoX-id_rsa
>
> You can leave out the User part if you don't need it. You can now use
> 'repoX' as a valid SSH host:
>
>    hg clone ssh://repoX/repoX
>
> will clone from hg at server.yourdomain.com.
>
> Putty also allows you to save a session under a name, and if I recall
> correctly, then this session name works the same way, i.e., you can use
> it as a hostname to have the setting apply for that SSH connection.
>
> You could also just have your users load all the keys necessary in their
> SSH agent. The right key should then automatically be used as needed.

This worked perfectly!

Actually, it wasn't working at all at first.  Every time I'd connect to 
my repoX, ssh would use my primary key and not the one specified by 
IdentityFile.  After much weeping and gnashing of teeth, I remembered 
that I was running ssh-agent which was helpfully passing along my stored 
keys and ignoring IdentityFile.  Oops!

Pageant is a lot better about that on Windows.  I just set up a session 
in Putty and TortoiseHg used my session with no problems and no 
interference from Pageant.

FWIW, the 'automatic loading in ssh-agent' route wouldn't work in our 
case since we have multiple keys that all *could* match and any auto 
loading mechanism is bound to pick the "wrong" one.
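
An added example, not part of the original post: OpenSSH's `IdentitiesOnly yes` option restricts a host to its configured `IdentityFile` keys even when ssh-agent holds others, which is the situation described in the message above. The Python check below lists the `Host` aliases in an ssh_config text that set `IdentityFile` without that option in effect; the `repoY` block and all function names are assumptions made for the illustration, and `Match` blocks are not handled.

```python
import fnmatch
import re

# Constructed sample: repoX is the block from the thread; repoY (hypothetical)
# adds IdentitiesOnly so keys held by ssh-agent are not offered for that host.
SAMPLE_CONFIG = """\
Host repoX
    Hostname server.yourdomain.com
    User hg
    IdentityFile ~/.ssh/repoX-id_rsa

Host repoY
    Hostname server.yourdomain.com
    IdentityFile ~/.ssh/repoY-id_rsa
    IdentitiesOnly yes
"""

def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...])]; Match blocks are not handled."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", line)  # "Key value" or "Key=value"
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(alias, patterns):
    """ssh_config rule: some positive pattern matches and no '!' pattern does."""
    hit = lambda pats: any(fnmatch.fnmatchcase(alias, p) for p in pats)
    return (hit(p for p in patterns if p[0] != "!")
            and not hit(p[1:] for p in patterns if p[0] == "!"))

def aliases_offering_agent_keys(text):
    """Concrete Host aliases that set IdentityFile without an effective IdentitiesOnly yes."""
    blocks = parse_blocks(text)
    flagged = []
    for alias in (p for pats, _ in blocks for p in pats if not set("*?!") & set(p)):
        opts = [kv for pats, kvs in blocks if host_matches(alias, pats) for kv in kvs]
        # ssh uses the first value obtained for an option; the default is "no".
        only = next((v.lower() for k, v in opts if k == "identitiesonly"), "no")
        if only != "yes" and any(k == "identityfile" for k, _ in opts):
            flagged.append(alias)
    return flagged
```

Because ssh takes the first value it obtains for an option, a trailing `Host *` block with `IdentitiesOnly yes` covers every alias that does not set the option itself.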

