Differences between revisions 1 and 37 (spanning 36 versions)
Revision 1 as of 2007-10-25 16:36:27
Size: 2694
Comment: First version of the page
Revision 37 as of 2017-01-23 18:28:06
Size: 4247
Editor: ?JulienCristau
Comment: tweaks
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= SSH access on alioth.debian.org = ## page was renamed from AliothSSH
#language en
~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[it/Alioth/SSH|Italiano]]-~
----

= SSH access on alioth.debian.org (AKA svn.debian.org) =
Line 4: Line 9:

<<TableOfContents>>
Line 9: Line 16:
Host alioth.debian.org svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org cvs.debian.org alioth.debian.org
Line 13: Line 20:
With this setup, you can do {{{ssh alioth.debian.org}}} instead of {{{ssh my-alioth-username@alioth.debian.org}}}. It also avoids the need to hardcode your username in many VCS URLs. With this setup, you can do {{{ssh git.debian.org}}} instead of {{{ssh my-alioth-username@git.debian.org}}}. It also avoids the need to hardcode your username in many VCS URLs.
Line 15: Line 22:
== Logging for the first time == == Logging in for the first time ==
Line 17: Line 24:
The first time that you login to a machine, SSH asks you to verify the SSH public key fingerprint. The first time that you login to a machine, your SSH client asks you to verify the fingerprint of the SSH public key of the Alioth host.
Line 20: Line 27:
The fingerprints of Alioth are the following:
{{{
1024 fe:65:bb:fc:43:81:5a:c0:5c:84:b7:cc:62:58:3c:64 ssh_host_dsa_key.pub
1024 f7:fa:20:ca:10:15:ad:a4:43:5d:1c:21:fa:10:da:a9 ssh_host_rsa_key.pub
}}}

You can find them GPG-signed in [http://lists.debian.org/debian-devel-announce/2006/10/msg00029.html this] mail.
Alioth's SSH host keys can be found on https://db.debian.org/machines.cgi?host=moszumanska
Line 30: Line 30:
If you need to connect frequently to Alioth, you should consider using SSH key authentication.
On your computer, you execute {{{ssh-keygen -t dsa}}} and you follow the instructions.
Alioth does not allow password authentication via SSH. You need to authenticate with your own SSH public/private keys. Currently only RSA keys are allowed.

To generate an SSH key pair on your computer, you execute {{{ssh-keygen -t rsa}}} and type a pass-phrase to secure the private key. The public key will be stored in {{{~/.ssh/id_rsa.pub}}} and it's the content of that file that you'll have to paste in the Gforge form mentioned below.
Line 34: Line 35:
http://alioth.debian.org/account/editsshkeys.php https://alioth.debian.org/account/editsshkeys.php
Line 36: Line 37:
Any manually created {{{~/.ssh/authorized_keys}}} file will be automatically deleted every 15 minutes. If you really want to set it up manually, you should use {{{~/.ssh/authorized_keys2}}}. Any manually created {{{~/.ssh/authorized_keys}}} file will be automatically deleted every hour.
Line 38: Line 39:
== I'm unable to connect to SSH, but Alioth responds to pings == == I'm unable to Connect via SSH, ... ==
Line 40: Line 41:
Alioth has [http://packages.debian.org/stabke/fail2ban fail2ban] installed. This will block your SSH access for 10 minutes after 3 login failures. === ... and I've only recently been added to a project ===
You will need to wait 24 hours - this is the current administrative turnover. You have to be a member of at least one project to be able to login via ssh. https://alioth.debian.org/users/<my-username> shows the projects you are member of, if any.

=== ... and I've only recently added my SSH public key to Alioth ===
You will need to wait upto an hour; the processing of your key is carried out by an hourly cron-job.

== Example VCS URLs ==

{{{
git+ssh://git.debian.org/git/pkg-foo/foo.git
}}}
Line 48: Line 59:
Configure your {{{~/.ssh/config}}} to send only the right key.

{{{
Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org cvs.debian.org alioth.debian.org
    IdentityFile ~/.ssh/id_alioth
    IdentitiesOnly yes
}}}

Of course, you should replace {{{~/.ssh/id_alioth}}} by the filename of the private key whose public counterpart you registered in Alioth. Debian developers should use their standard Debian keys (to be configured via db.debian.org).

= External links =
 * https://lists.debian.org/debian-devel-announce/2011/05/msg00007.html
 * https://lists.debian.org/debian-devel-announce/2011/05/msg00008.html
 * https://lists.debian.org/debian-devel-announce/2011/05/msg00009.html - Alioth status updates, including SSH host keys.
 * https://lists.debian.org/debian-infrastructure-announce/2013/11/msg00002.html
 * https://lists.debian.org/debian-devel/2014/02/msg01198.html - Updates after the disk failures.

Translation(s): English - ?Italiano


SSH access on alioth.debian.org (AKA svn.debian.org)

In many cases, you will have to login with SSH to alioth.debian.org (or one of its aliases like {svn,bzr,git,hg,darcs,arch}.debian.org), either to update the website of your project or to access associated VCS repositories. This page contains all the infos that you must know concerning your SSH access.

How to handle differing username

In many cases, your login on Alioth is not the same as your usual login (for example because of the -guest suffix). To avoid hardcoding your username everywhere, you can put this in your ~/.ssh/config:

Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org cvs.debian.org alioth.debian.org
    User my-alioth-username

With this setup, you can do ssh git.debian.org instead of ssh my-alioth-username@git.debian.org. It also avoids the need to hardcode your username in many VCS URLs.

Logging in for the first time

The first time that you login to a machine, your SSH client asks you to verify the fingerprint of the SSH public key of the Alioth host. If the fingerprint differs, you're not connecting to Alioth and you should immediately stop.

Alioth's SSH host keys can be found on https://db.debian.org/machines.cgi?host=moszumanska

Installing SSH keys

Alioth does not allow password authentication via SSH. You need to authenticate with your own SSH public/private keys. Currently only RSA keys are allowed.

To generate an SSH key pair on your computer, you execute ssh-keygen -t rsa and type a pass-phrase to secure the private key. The public key will be stored in ~/.ssh/id_rsa.pub and it's the content of that file that you'll have to paste in the Gforge form mentioned below.

Gforge stores the SSH keys in its database and automatically generates the file ~/.ssh/authorized_keys for you. Thus if you want to add your own SSH key, you have to use the dedicated web page: https://alioth.debian.org/account/editsshkeys.php

Any manually created ~/.ssh/authorized_keys file will be automatically deleted every hour.

I'm unable to Connect via SSH, ...

... and I've only recently been added to a project

You will need to wait 24 hours - this is the current administrative turnover. You have to be a member of at least one project to be able to login via ssh. https://alioth.debian.org/users/<my-username> shows the projects you are member of, if any.

... and I've only recently added my SSH public key to Alioth

You will need to wait upto an hour; the processing of your key is carried out by an hourly cron-job.

Example VCS URLs

git+ssh://git.debian.org/git/pkg-foo/foo.git

Good practices of SSH usage

You must read this: http://lackof.org/taggart/hacking/ssh/

This document sums up many good practices that regular SSH users should follow in order to avoid compromising the security of their accounts (and of the whole machine at the same time).

Configure your ~/.ssh/config to send only the right key.

Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org cvs.debian.org alioth.debian.org
    IdentityFile ~/.ssh/id_alioth
    IdentitiesOnly yes

Of course, you should replace ~/.ssh/id_alioth by the filename of the private key whose public counterpart you registered in Alioth. Debian developers should use their standard Debian keys (to be configured via db.debian.org).

External links


?CategoryAlioth