Differences between revisions 41 and 43 (spanning 2 versions)
Revision 41 as of 2010-04-30 12:03:05
Size: 2654
Editor: PaulBoddie
Comment: Tidied the formatting somewhat.
Revision 43 as of 2010-05-27 03:53:33
Size: 3201
Editor: Ry4anBrase
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:

== hg-ssh ==

hg-ssh is a python script available in [[http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh|contrib/hg-ssh]] and was probably installed along with your Mercurial software. Allowed repositories are managed directly in the `authorized_keys` file.

Look at the start of the script for usage instructions. When possible use the version that matches your installed version of Mercurial.
Line 10: Line 17:
Despite its name, this is not the only Mercurial server available. This is a piece of software for effectively letting a single shared SSH account be safely used by multiple people. If you're just looking to make your repository available, read PublishingRepositories for a list of options. Despite its name, this is not a Mercurial server. It offers an improved management interface for the shared ssh mechanism like that provided by hg-ssh.
Line 18: Line 25:

== hg-ssh ==

hg-ssh is a python script available in [[http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh|contrib/hg-ssh]] and was probably installed along with your Mercurial software. Allowed repositories are managed directly in the `authorized_keys` file.

Look at the start of the script for usage instructions. When possible use the version that matches your installed version of Mercurial.
Line 37: Line 38:
It relies on `ssh` for authentication and tunneling. When using public key
authentication, `ssh` allows limiting the user to one specific command, which
can do all the sanity checks we want and then calls `hg` just like `ssh` would
in the example above. Note that every user gets his own private key and
his own entry in `authorized_keys`, which allows the scripts to distinguish
between different users and thus enforce things like access permissions.
It relies on `ssh` for authentication and tunneling. When using public key authentication, `ssh` allows limiting the user to one specific command (as described in the [[http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8|sshd manual page]] in the section concerning the `authorized_keys` file format). Such a command, provided by the solutions listed above, can do the necessary sanity checking around the requested operation, and can then call `hg` just like `ssh` would do in the example above. Since every user gets his own private key and his own entry in `authorized_keys`, the solutions presented here are able to distinguish between different users and thus enforce things like access control, even though a single system account (or system user) may be providing the underlying services. Moreover, since a designated command must be executed when those accessing the repository authenticate themselves, it should not be possible for users to start a normal shell and bypass access controls implemented by the designated command (although this does depend on the implementation and proper functioning of the command itself).

Shared SSH

This page describes how to create repositories accessible via a single shared SSH account without needing to give full shell access to other people. This is just one of many ways to make your repository available to multiple committers, and not necessarily the most common. See PublishingRepositories for a good overview of many ways to allow others to interact with your repository.

hg-ssh

hg-ssh is a python script available in contrib/hg-ssh and was probably installed along with your Mercurial software. Allowed repositories are managed directly in the authorized_keys file.

Look at the start of the script for usage instructions. When possible use the version that matches your installed version of Mercurial.

mercurial-server

Despite its name, this is not a Mercurial server. It offers an improved management interface for the shared ssh mechanism like that provided by hg-ssh.

mercurial-server provides the most complete and easiest-to-use solution to this problem for hosting a collection of repositories on Unix systems. Installing mercurial-server creates a new user, hg, which will own all the repositories to be shared. Giving access to a new user is as simple as adding their SSH key to a special repository and pushing the changes. mercurial-server can enforce fine-grained permissions and logs all events.

mercurial-server is descended from hg-ssh.

hg-login

HgLogin is a system by MarcSchaefer for creating restricted shared user accounts.

How these work

When accessing a remote repository via Mercurial's ssh repository type, hg basically does the following:

$ ssh hg.example.com hg -R /path/to/repos serve --stdio

It relies on ssh for authentication and tunneling. When using public key authentication, ssh allows limiting the user to one specific command (as described in the sshd manual page in the section concerning the authorized_keys file format). Such a command, provided by the solutions listed above, can do the necessary sanity checking around the requested operation, and can then call hg just like ssh would do in the example above. Since every user gets his own private key and his own entry in authorized_keys, the solutions presented here are able to distinguish between different users and thus enforce things like access control, even though a single system account (or system user) may be providing the underlying services. Moreover, since a designated command must be executed when those accessing the repository authenticate themselves, it should not be possible for users to start a normal shell and bypass access controls implemented by the designated command (although this does depend on the implementation and proper functioning of the command itself).

See also AclExtension, HgWebDirStepByStep, PublishingRepositories, and MultipleCommitters


CategoryWeb CategoryHowTo

SharedSSH (last edited 2020-05-03 08:02:54 by timeless)