Differences between revisions 39 and 40
Revision 39 as of 2009-08-10 19:17:03
Size: 2732
Editor: Ry4anBrase
Comment: Slightly less tilted toward mercurial-server to avoid newbie confusion about it being _the_ mercurial server.
Revision 40 as of 2009-12-18 14:20:23
Size: 2540
Editor: ciphergoth
Comment: Now mercurial-server ahs a web page, link to that.
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:

== mercurial-server ==

/!\ This is not '''''the''' mercurial server''. This is a piece of software for effectively letting a single shared ssh account be safely used by multiple people. If you're just looking to make your repository available read PublishingRepositories for a list of options.

mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, "hg", which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.

 * [[http://www.lshift.net/mercurial-server.html]]

  mercurial-server is descended from hg-ssh.
Line 11: Line 21:

== mercurial-server ==

/!\ This is not '''''the''' mercurial server''. This is a piece of software for effectively letting a single shared ssh account be safely used by multiple people. If you're just looking to make your repository available read PublishingRepositories for a list of options.

mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, "hg", which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.

 * [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/README]]
 * [[http://hg.opensource.lshift.net/mercurial-server/file/release_0.6/doc/]]
 * [[http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz]]

  mercurial-server is descended from hg-ssh.

This page describes how to create repositories accessible via a single shared ssh account without needing to give full shell access to other people. That's just one of many ways to make your repository available to MultipleCommitters, and not necessarily the most common. See PublishingRepositories for a good overview of many ways to allow others to interact with your repository.

mercurial-server

/!\ This is not the mercurial server. This is a piece of software for effectively letting a single shared ssh account be safely used by multiple people. If you're just looking to make your repository available read PublishingRepositories for a list of options.

mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, "hg", which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.

hg-ssh

  • hg-ssh is a python script available in contrib/hg-ssh and was probably installed along with your mercurial software. Allowed repositories are managed directly in the authorized_keys file. Look at the start of the script for usage instructions. When possible use the version that matches your installed version of mercurial.

hg-login

How these work

When accessing a remote repository via Mercurial's ssh repository type, hg basically does a

$ ssh hg.example.com hg -R /path/to/repos serve --stdio

and relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command, which can do all the sanity checks we want and then calls hg just like ssh would in the example above. Note that every user gets his own private key and his own entry in authorized_keys, which allows the scripts to distinguish between different users and thus enforce e.g. access permissions.

See also AclExtension, HgWebDirStepByStep, PublishingRepositories, and MultipleCommitters


CategoryWeb CategoryHowTo

SharedSSH (last edited 2020-05-03 08:02:54 by timeless)