Translation(s): English - ?Italiano


SSH access on alioth.debian.org (AKA svn.debian.org)

In many cases, you will have to login with SSH to alioth.debian.org (or one of its aliases like {svn,bzr,git,hg,darcs,arch}.debian.org), either to update the website of your project or to access associated VCS repositories. This page contains all the infos that you must know concerning your SSH access.

How to handle differing username

In many cases, your login on Alioth is not the same as your usual login (for example because of the -guest suffix). To avoid hardcoding your username everywhere, you can put this in your ~/.ssh/config:

Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org
    User my-alioth-username

With this setup, you can do git.debian.org instead of ssh my-alioth-username@git.debian.org. It also avoids the need to hardcode your username in many VCS URLs.

Logging in for the first time

The first time that you login to a machine, your SSH client asks you to verify the fingerprint of the SSH public key of the Alioth host. If the fingerprint differs, you're not connecting to Alioth and you should immediately stop.

The fingerprints of Alioth's SSH host key is the following (GPG signed):

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

2048 8c:c0:b8:9f:0a:79:ee:1c:77:c4:b8:a1:70:55:b7:31 /etc/ssh/ssh_host_rsa_key.pub (RSA)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJNpKveAAoJELZaSHHKGdcXn+IP/iCFqcBxLWP6tYeGH2mURDvD
1O98zA3ZbFgo0x8wo4iE51ZNg5BC4WL9r+awj7lWjr9BstnGcOUm3+L9E24M2t30
FmK97Vj6HGjaEY2S4xmmv7GTghohXle2u9eiesZ4uncvUoyr3cNqjdsXa0073nvH
K3Z++SlowW8svpxwGzYvpjU9R6vQoongFePJbsztMIp3Bg2hTDhxunNgN/RvT6pv
RNsH80RdyefrXfW4akcaxwKQlehh171NzqcP/PEdHkYj4fpUv2L5YTPwSpjsRXme
sAWcHFafCOoRCCUuFO+2K1mSJQ8YNA+Fg9ZjmSpXeC/jC7YOKtmFpphJPgrueJiH
+BvDpjx5ln6pw9PcFF8IIA0GpteT29w/YdI3IW02mF+o2UwyZGUeRMN4vJf8L9Ms
PMPUcuVVUqfWloiFb+EjiLIwChi4Xvdw2FiIaTX0E4DiU/2/zLiTayFFZfvPUQgB
87FnnsED3RhVv/STzVGNPQyOj3lUKv2qALicTlLLIs/D7vDe30vapeeWMXBYh2bZ
kkvpi/lA8KmSD0d6mv+dXh15h6ASrzP99mO7hTCbapgx0hg9kXIwITBJuzWf3vyV
rZohiFcajrtMM4t9ZOopcDtsiK58joO/uNjIOSG9Is6OQeIM+0zphFDbGHQcFiZ+
KZp46YU5tdWpAKKp7Ilf
=Q2IV
-----END PGP SIGNATURE-----

Installing SSH keys

If you need to connect frequently to Alioth, you should consider authenticating with your own SSH public/private keys (instead of an account password).

To generate an SSH key pair on your computer, you execute ssh-keygen -t rsa and type a pass-phrase to secure the private key. The public key will be stored in ~/.ssh/id_rsa.pub and it's the content of that file that you'll have to paste in the Gforge form mentioned below.

Gforge stores the SSH keys in its database and automatically generates the file ~/.ssh/authorized_keys for you. Thus if you want to add your own SSH key, you have to use the dedicated web page: https://alioth.debian.org/account/editsshkeys.php

Any manually created ~/.ssh/authorized_keys file will be automatically deleted every hour.

I'm unable to Connect via SSH, ...

... and I've only recently been added to a project

You will need to wait 24 hours - this is the current administrative turnover. You have to be a member of at least one project to be able to login via ssh. https://alioth.debian.org/users/<my-username> shows the projects you are member of, if any.

... and I've only recently added my SSH public key to Alioth

You will need to wait upto an hour; the processing of your key is carried out by an hourly cron-job.

... but Alioth responds to pings

Alioth has fail2ban installed. This will block your SSH access for 10 minutes after 3 login failures logged by SSH. That includes cases where your SSH client tries to connect with a key that's not registered in your account, even if the correct key is sent afterwards. The fix is simple, modify your ~/.ssh/config to send only the right key.

Host svn.debian.org git.debian.org bzr.debian.org hg.debian.org darcs.debian.org arch.debian.org
    IdentityFile ~/.ssh/id_alioth

Of course, you should replace ~/.ssh/id_alioth by the filename of the private key whose public counterpart you registered in Alioth. Debian developers should use their standard Debian keys (to be configured via db.debian.org).

Good practices of SSH usage

You must read this: http://lackof.org/taggart/hacking/ssh/

This document sums up many good practices that regular SSH users should follow in order to avoid compromising the security of their accounts (and of the whole machine at the same time).


?CategoryAlioth