|
Size: 2331
Comment: converted to 1.6 markup
|
Size: 2654
Comment: Tidied the formatting somewhat.
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| As described on MultipleCommitters, one way of collaboration (the CVS-like model) is setting up a central [[Repository|repository]] every user pushes his changes to and pulls the others' changes from. This page describes how to create such repositories accessible via a shared ssh account without needing to give full shell access to other people. |
= Shared SSH = {{{#!wiki tip This page describes how to create repositories accessible via a '''single shared SSH account''' without needing to give full shell access to other people. This is just one of many ways to make your repository available to [[MultipleCommitters|multiple committers]], and not necessarily the most common. See PublishingRepositories for a good overview of many ways to allow others to interact with your repository. }}} |
| Line 9: | Line 9: |
| mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, "hg", which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events. | {{{#!wiki note Despite its name, this is not the only Mercurial server available. This is a piece of software for effectively letting a single shared SSH account be safely used by multiple people. If you're just looking to make your repository available, read PublishingRepositories for a list of options. }}} |
| Line 11: | Line 13: |
| * [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/README]] * [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/doc/]] * [[http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz]] |
mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, `hg`, which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events. |
| Line 15: | Line 15: |
| == Other options == | * [[http://www.lshift.net/mercurial-server.html]] |
| Line 17: | Line 17: |
| There are two alternative systems for achieving the same end, though both require more work to maintain: | mercurial-server is descended from hg-ssh. |
| Line 19: | Line 19: |
| === hg-ssh === | == hg-ssh == |
| Line 21: | Line 21: |
| A python script available in [[http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh|contrib/hg-ssh]]. Allowed repositories are managed directly in the authorized_keys file. | hg-ssh is a python script available in [[http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh|contrib/hg-ssh]] and was probably installed along with your Mercurial software. Allowed repositories are managed directly in the `authorized_keys` file. |
| Line 23: | Line 23: |
| Look at the start of the script for usage instructions. | Look at the start of the script for usage instructions. When possible use the version that matches your installed version of Mercurial. |
| Line 25: | Line 25: |
| mercurial-server is descended from hg-ssh. | == hg-login == |
| Line 27: | Line 27: |
| === hg-login === HgLogin is a system by MarcSchaefer for achieving the same end. |
HgLogin is a system by MarcSchaefer for creating restricted shared user accounts. |
| Line 33: | Line 31: |
| When accessing a remote repository via Mercurial's ssh repository type, ''hg'' basically does a |
When accessing a remote repository via Mercurial's `ssh` repository type, `hg` basically does the following: |
| Line 40: | Line 37: |
| and relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command, which can do all the sanity checks we want and then calls ''hg'' just like ssh would |
It relies on `ssh` for authentication and tunneling. When using public key authentication, `ssh` allows limiting the user to one specific command, which can do all the sanity checks we want and then calls `hg` just like `ssh` would |
| Line 44: | Line 41: |
| his own entry in authorized_keys, which allows the scripts to distinguish between different users and thus enforce e.g. access permissions. |
his own entry in `authorized_keys`, which allows the scripts to distinguish between different users and thus enforce things like access permissions. |
| Line 47: | Line 44: |
| See also AclExtension, HgWebDirStepByStep. | See also AclExtension, HgWebDirStepByStep, PublishingRepositories, and MultipleCommitters |
Shared SSH
This page describes how to create repositories accessible via a single shared SSH account without needing to give full shell access to other people. This is just one of many ways to make your repository available to multiple committers, and not necessarily the most common. See PublishingRepositories for a good overview of many ways to allow others to interact with your repository.
mercurial-server
Despite its name, this is not the only Mercurial server available. This is a piece of software for effectively letting a single shared SSH account be safely used by multiple people. If you're just looking to make your repository available, read PublishingRepositories for a list of options.
mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, hg, which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.
mercurial-server is descended from hg-ssh.
hg-ssh
hg-ssh is a python script available in contrib/hg-ssh and was probably installed along with your Mercurial software. Allowed repositories are managed directly in the authorized_keys file.
Look at the start of the script for usage instructions. When possible use the version that matches your installed version of Mercurial.
hg-login
HgLogin is a system by MarcSchaefer for creating restricted shared user accounts.
How these work
When accessing a remote repository via Mercurial's ssh repository type, hg basically does the following:
$ ssh hg.example.com hg -R /path/to/repos serve --stdio
It relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command, which can do all the sanity checks we want and then calls hg just like ssh would in the example above. Note that every user gets his own private key and his own entry in authorized_keys, which allows the scripts to distinguish between different users and thus enforce things like access permissions.
See also AclExtension, HgWebDirStepByStep, PublishingRepositories, and MultipleCommitters