I am trying to find a way to use different ssh keys to clone different projects from bitbucket. I tried using ssh_config but I managed to define a different ssh key only for connections for a single particular host.
What I'd like to achieve is having
Key A for bitbucket.org/myteam1/myproject
and
Key B for bitbucket.org/myteam2/myotherproject
Could you help me out with this?
Finally I found out that the best solution for me is using the -e sshcommand option and inside it the -i key option to specify the private key that I want.
Far and away the easiest way is to just use ssh-agent. When you're running ssh-agent you add all your keys and it tries each of them until one works. Your OS is very possibly already running ssh-agent, so try
ssh-add /path/to/key1
ssh-add /path/to/key2
then when you try to connect if either key works you're in. If you're not running ssh-agent you can start it with (on unix/OS X):
eval $(ssh-agent)
and then add the two key files.
If for some reason you just can't bear to use ssh-agent, then I've found a workaround using a slightly tricky .ssh/config file. Something like this:
Host myteam1.bitbucket.org
    Hostname bitbucket.org
    HostKeyAlias bitbucket.org
    IdentityFile ~/.ssh/keyA

Host myteam2.bitbucket.org
    Hostname bitbucket.org
    HostKeyAlias bitbucket.org
    IdentityFile ~/.ssh/keyB
Then when you clone-from or push-to URLs using fake hostnames like hg clone ssh://hg@myteam2.bitbucket.org/myteam2/myproject, ssh will swap in the real hostname and the right key.
But really, just use ssh-agent instead.
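The alias workaround above can be checked without connecting, because ssh -G prints the configuration ssh would use for a host. The script below is an added example, not part of the original answer; it writes the two aliases to a temporary directory (constructed paths and helper names, with IdentitiesOnly added as an assumption so that ssh offers only the listed key even when ssh-agent holds others) and asks ssh which host and key each alias resolves to.

```shell
#!/bin/sh
# Added example. keyA, keyB and the alias hostnames follow the answer above;
# the temporary directory and the helper functions are constructed.

# write_aliases DIR: write DIR/config with one alias per team. IdentitiesOnly
# makes ssh offer only the listed key, even when ssh-agent holds others.
write_aliases() {
    cat > "$1/config" <<EOF
Host myteam1.bitbucket.org
    Hostname bitbucket.org
    HostKeyAlias bitbucket.org
    IdentityFile $1/keyA
    IdentitiesOnly yes

Host myteam2.bitbucket.org
    Hostname bitbucket.org
    HostKeyAlias bitbucket.org
    IdentityFile $1/keyB
    IdentitiesOnly yes
EOF
}

# resolved CONFIG ALIAS OPTION: print the value ssh itself would use.
# "ssh -G" evaluates the configuration and exits without connecting.
resolved() {
    ssh -G -F "$1" "$2" | awk -v opt="$3" '$1 == opt { print $2 }'
}

# check_aliases DIR: succeed only if every alias maps to the real host
# and to its own key, with IdentitiesOnly in effect.
check_aliases() {
    cfg=$1/config
    for pair in myteam1.bitbucket.org:keyA myteam2.bitbucket.org:keyB; do
        alias_name=${pair%%:*} key=${pair##*:}
        [ "$(resolved "$cfg" "$alias_name" hostname)" = bitbucket.org ] || return 1
        [ "$(resolved "$cfg" "$alias_name" identityfile)" = "$1/$key" ] || return 1
        [ "$(resolved "$cfg" "$alias_name" identitiesonly)" = yes ] || return 1
    done
}

demo_dir=$(mktemp -d)
write_aliases "$demo_dir"
if command -v ssh >/dev/null 2>&1; then
    check_aliases "$demo_dir" && echo "each alias resolves to its own key"
fi
rm -rf "$demo_dir"
```

Running the same ssh -G query against your real ~/.ssh/config (drop the -F argument) shows which key a given clone URL will actually present.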
You can override your key at your repository hgrc level.
See Configuration files for Mercurial.
I know that gpg2 uses the gpg-agent to get private-keys. Per default they are stored in ~/.gnupg/private-keys-v1.d.
Now I'm questioning myself if it's possible to instruct gpg to use another agent on another machine? The documentation is not very helpful because it does not explain how to connect your gpg to another gpg-agent. But as gpg2 requires you to use gpg-agent there is no other way to use a new keyring.
My second question is, if it's possible to instruct gpg-agent to use another dir than the default private-keys-v1.d for looking up keys?
The documentation for gpg2 also contains no option to specify a new public keyring. Is it still available although not mentioned anymore in the docs?
Greetings Sebi2020
If you are connected from machine A (e.g. your PC) to remote machine B over SSH, yes, you can instruct gpg2 on B to use gpg2 agent on A, using GnuPG Agent Forwarding (link to the gnupg manual). This is how you can use your local gpg keys on remote machines typically. Make sure you have proper versions of gnupg and OpenSSH for that (see the manual).
You may not be able to change only the subfolder name private-keys-v1.d per se, but you can replace the default gpg home directory ~/.gnupg/private-keys-v1.d with whatever_directory/private-keys-v1.d, whatever_directory being whatever directory you want to use as gpg home directory. 2 ways of doing that: set the GNUPGHOME environment variable, or use gpg --homedir option. This is still valid for gpg 2.2.4 at least. E.g. using gpg keys from a usb drive: gpg --homedir /media/usb1/gnupg ...
The options to specify a new public keyring are --keyring and --primary-keyring (use --no-default-keyring to exclude default keyring completely). Valid for gpg 2.2.4.
Say I have the following ssh .config file:
Host host_nickname
    User xxx
    HostName yyy.zz.vvv
    ControlMaster auto
    ControlPath ~/.ssh/%r@%h:%p
In case you are not familiar with ControlMaster or ControlPath, here is the description from the ssh_config manual:
ControlMaster:
Enables the sharing of multiple sessions over a single network
connection. When set to ``yes'', ssh(1) will listen for connections
on a control socket specified using the ControlPath argument.
Additional sessions can connect to this socket using the
same ControlPath with ControlMaster set to ``no'' (the default).
These sessions will try to reuse the master instance's network
connection rather than initiating new ones, but will fall back to
connecting normally if the control socket does not exist, or is
not listening.
In Mercurial, if you want to push or pull from a repository, you could just type the following:
hg push ssh://user@example.com/hg/
Now, my question:
I would like to ask Mercurial to push (or pull) against a repository at /path/to/repository on the server corresponding to my ssh config entry host_nickname. How do I do this?
If you look under hg help urls you'll find
ssh://[user@]host[:port]/[path][#revision]
So, assuming that /path/to/repository works from your login dir on the remote machine, then type
hg [push|pull] ssh://host_nickname/path/to/repository
This works because hg isn't doing the name resolution; ssh is, and you've specified the correspondence between host_nickname and the real HostName. Also, ControlMaster won't affect this, as that just allows multiplexing over a single ssh connection. Note, if hg isn't in your remote PATH, then you need to specify it via --remotecmd /path/to/hg.
I have the hgeclipse plugin installed and I have a url source to go and clone from for a project that I need to begin work on. The authentication is based on ssh and my ssh key. I understand from basic googling that I need to set up a .hgr file with the path to the private key. Can someone give me more pointers?
Actually, you can include the path to the key in your Mercurial.ini/.hgrc file. You don't need Pageant or ssh-agent, unless you need to log in to multiple servers. If you're only ever logging in to one server, you can make your Mercurial.ini or .hgrc file have the following content:
[ui]
ssh = "TortoisePlink.exe" -ssh -2 -i "C:\Users\username\username_rsa.ppk"
This code is Windows-specific but basically, you just specify the path to the ssh program, use the -i flag and specify the path to the private key. That formula should work on all operating systems. If you're on Windows, you put that stuff in a file called "Mercurial.ini" and if you're on any other platform, it goes in a file called .hgrc
Hope this helps!
The private key must be added to ssh and not mercurial / hgrc.
You have to configure your ssh client to use your private key, but this depends greatly on the system you're using.
If you're on linux or mac os x, google some information about using ssh-agent on your distribution.
If you're on Windows, you can use pageant for example.
I have such section in my ~/.hgrc config file
[auth]
repo.prefix = ssh://hguser@192.168.132.72/repos
repo.key = /home/zerkms/.ssh/mercurial-repo/id_rsa
But when I write:
hg clone ssh://hguser@192.168.132.72/repos/rps .
mercurial still requires password to enter.
What have I done wrong?
To prevent obvious questions:
Yes, there is a valid key in the specified path and it works if I use it with ssh-agent.
My question is how to work with keys in [auth] section.
The following works for me (probably a new setting since the question was asked):
Add to hgrc:
[ui]
ssh = ssh -C -i ~/.ssh/id_rsa-mercurialkey
-C to enable compression, -i to specify identity file. If the key is loaded into ssh-agent, I don't get asked again for passphrase.
auth isn't for SSH. The key needs to be loaded in another way. If it were just ~/.ssh/id_rsa it would be done automatically; as it's not, you may need to do something to register it. Using ~/.ssh/id_rsa is the easiest way normally - put the contents of ~/.ssh/id_rsa.pub in ~/.ssh/authorized_keys on the target machine and you're ready.
This is probably a simple problem and I'm feeling exceptionally dumb because I can't find any kind of documentation.
I've just installed TeamCity 5 and I want to get files from my Mercurial hosting and there are two fields I just can't figure out.
HG Command path. What should I put here? The path to a file containing what? Can I get an example of that file somewhere?
The host is using Mercurial over SSH; where do I define my private key?
Pull changes from? Should I put the address I'm cloning from i.e. ssh://username@myhost.something/project
I figured this out for my TeamCity 5 server last week.
HG Command path: HG
Pull changes from: https://bitbucket.org/.../.../
Don't put the username@ in the URL. This is specified in the Username/Password fields. If you include the username in the URL it'll fail as there is a bug in the configuration tool. You'll also see a screenshot of the configuration attached to the thread:
http://www.jetbrains.net/devnet/message/5254640#5254640
I'd suggest getting things working with HTTPS and then moving to SSH if possible. This breaks things down into two easier to solve configuration problems. I used the following tutorial to get SSH going on my Windows client machine.
http://www.codza.com/mercurial-with-ssh-setup-on-windows
I've not set this up on my TeamCity server yet. However I did get TeamCity to pick up my Mercurial.ini settings by putting the ini file in \Documents and Settings\TeamCity, which is the account the service runs under.
I've not used team city, but I think hg command path is probably the full path to your local mercurial executable. For me (on linux) that's:
$ type hg
hg is /usr/bin/hg
On windows it's where the 'hg' executable in your system path was placed by whichever (of the many) windows installers for mercurial you used.
Pull changes from sounds like the URL to the repo, so:
ssh://username@myhost.something/project
or
ssh://username@myhost.something//project # note the _two_ double slashes
if you're using absolute paths on the server side.
Your private key location/specification depends on what you're using for ssh and whether or not you're running ssh-agent, but here's a link that explicitly points from within mercurial.ini, which seems sound:
http://dev.openttdcoop.org/projects/home/wiki/Configuring_TortoiseHg_(Windows)#Pointing-to-you-Private-key