Project

General

Profile

Actions

Support #5593

open

SSH connections

Added by Andreas Ladanyi about 4 years ago. Updated about 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
17.02.2020
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

Hi,

i have a customer who wants to connect his buildbot server to his git Rhodecode repos via SSH.

So in my opinion the customer needs a password less private key on his buildbot box and needs to enter his public key to "SSH Keys" tab as his rhodecode web username.

In general it seems to me a rhodecode user couldnt generate a password less key pair on the rhodecode web interface.

At the SSH connection page (https://docs.rhodecode.com/RhodeCode-Enterprise/auth/ssh-connection.html) each rhodecode user could enter a ssh key under his username but the connection to the repo via ssh is done as the service username rhodecode daemon runs (and not the the rhodecode web username).

So do i need to offer the service username of rhodecode daemon to the customers, because the customer couldnt connect to his repo when using his rhodecode username ?

Actions #1

Updated by Marcin Kuzminski [CTO] about 4 years ago

So in my opinion the customer needs a password less private key on his buildbot box and needs to enter his public key to "SSH Keys" tab as his rhodecode web username.

Yes, or you can enable token authnetication and this customer can use HTTP and authenticate via username/token without giving him password and ability to log-in to the web interface.

For SSH yes there's only a single account that is used for authentication, but at a later stage, the SSH key is used to differentiate a user and give him according permissions for repository.
You need to expose that username, but it should be safe as it's the Machine account that the rhodecode is running on to, there's no technical option for having per-account username for SSH

Actions #2

Updated by Andreas Ladanyi about 4 years ago

Hi Marcin,

did i understand you correctly an passwordless authentification with passwordless ssh keys is not possible at the moment with ssh rc wrapper ?

Actions #3

Updated by Marcin Kuzminski [CTO] about 4 years ago

It is possible i just explained how it works, and that the username cannot be changed with SSH authentication.

Actions

Also available in: Atom PDF