| commit | author | age | ||
| 22957a | 1 | |
| JM | 2 | ## Using the SSH transport |
| 3 | ||
| 4 | *SINCE 1.5.0* | |
| 5 | ||
| 6 | The SSH transport is a very exciting improvement to Gitblit. Aside from offering a simple password-less, public key workflow the SSH transport also allows exposes a new approach to interacting with Gitblit: SSH commands. The Gerrit and Android projects have to be thanked for providing great base SSH code that Gitblit has integrated. | |
| 7 | ||
| 8 | ### Cloning & Pushing | |
| 9 | ||
| 10 | By default, Gitblit serves the SSH transport on port 29418, which is the same as Gerrit. Why was 29418 chosen? It's likely because it resembles the IANA port assigned to the git protocol (9418). | |
| 11 | ||
| 12 | Gitblit will authenticate using username/password or public keys. | |
| 13 | ||
| 14 | git clone ssh://<username>@<hostname>:29418/myrepository.git | |
| 15 | ||
| 16 | ### Setting up your account to use public key authentication | |
| 17 | ||
| 18 | Public key authentication allows you to operate in a password-less workflow and to separate your web login credentials from your git credentials. Setting up public key authentication is very simple. If you are working on Windows you'll need to install [Git for Windows](http://git-scm.com/download/win). | |
| 19 | ||
| 20 | First you'll need to create an SSH key pair, if you don't already have one or if you want to generate a new, separate key. | |
| 21 | ||
| 22 | ssh-keygen | |
| 23 | ||
| 24 | Then you can upload your *public* key right from the command-line. | |
| 25 | ||
| 413e9b | 26 | cat ~/.ssh/id_rsa.pub | ssh -l <username> -p 29418 <hostname> keys add |
| JM | 27 | cat c:\<userfolder>\.ssh\id_rsa.pub | ssh -l <username> -p 29418 <hostname> keys add |
| 22957a | 28 | |
| JM | 29 | **NOTE:** It is important to note that *ssh-keygen* generates a public/private keypair (e.g. id_rsa and id_rsa.pub). You want to upload the *public* key, which is denoted by the *.pub* file extension. |
| 30 | ||
| 31 | Once you've done both of those steps you should be able to execute the following command without a password prompt. | |
| 32 | ||
| 617909 | 33 | ssh -l <username> -p 29418 <hostname> |
| 22957a | 34 | |
| JM | 35 | ### Setting up an SSH alias |
| 36 | ||
| 37 | Typing the following command syntax all the time gets to be rather tedious. | |
| 38 | ||
| 413e9b | 39 | ssh -l <username> -p 29418 <hostname> |
| 22957a | 40 | |
| JM | 41 | You can define an alias for your server which will reduce your command syntax to something like this. |
| 42 | ||
| 617909 | 43 | ssh <alias> |
| 22957a | 44 | |
| JM | 45 | Create or modify your `~/.ssh/config` file and add a host entry. If you are on Windows, you'll want to create or modify `<userfolder>\.ssh\config`, where *userfolder* is dependent on your version of Windows. Most recently this is `c:\users\<userfolder>`. |
| 46 | ||
| 47 | Host <alias> | |
| 48 | IdentityFile ~/.ssh/id_rsa | |
| 49 | User <username> | |
| 50 | Port 29418 | |
| 51 | HostName <hostname> | |
| 52 | ||
| 53 | ### SSH Commands | |
| 54 | ||
| eec333 | 55 | Gitblit supports SSH command plugins and provides several commands out-of-the-box. |
| 22957a | 56 | |
| 413e9b | 57 | #### keys |
| 22957a | 58 | |
| 413e9b | 59 | The *keys* command dispatcher allows you to manage your public ssh keys. You can list keys, add keys, remove keys, and identify the key in-use for the active session. |
| 22957a | 60 | |
| eec333 | 61 | ##### keys add |
| 22957a | 62 | |
| JM | 63 | Add an SSH public key to your account. This command accepts a public key piped to stdin. |
| 64 | ||
| 413e9b | 65 | cat ~/.ssh/id_rsa.pub | ssh -l <username> -p 29418 <hostname> keys add |
| 617909 | 66 | |
| JM | 67 | ##### keys list |
| 68 | ||
| 69 | Show the SSH public keys you have added to your account. | |
| 70 | ||
| 413e9b | 71 | ssh -l <username> -p 29418 <hostname> keys list |
| 22957a | 72 | |
| eec333 | 73 | ##### keys remove |
| 22957a | 74 | |
| 617909 | 75 | Remove an SSH public key from your account. This command accepts several input values, the most useful one is an index number which matches the index number displayed in the `list` command. |
| 22957a | 76 | |
| 413e9b | 77 | ssh -l <username> -p 29418 <hostname> keys remove 2 |
| 22957a | 78 | |
| JM | 79 | You can also remove all your public keys from your account. |
| 80 | ||
| 413e9b | 81 | ssh -l <username> -p 29418 <hostname> keys remove ALL |
| JM | 82 | |
| 2d73a0 | 83 | ##### keys permission |
| 413e9b | 84 | |
| 2d73a0 | 85 | You may control the access permission for each SSH key. This is more of a safety feature than a security measure. |
| JM | 86 | |
| 87 | | Permission | Description | | |
| 88 | | ---------- | ----------------------------------------------- | | |
| 89 | | V | SSH key may not be used for clone/fetch or push | | |
| 90 | | R | SSH key may be used to clone/fetch | | |
| 91 | | RW | SSH key may be used to clone/fetch and push | | |
| 92 | ||
| 22957a | 93 | |
