Joey Armstrong | 56334fc | 2023-01-15 22:53:19 -0500 | [diff] [blame] | 1 | Gerrit SSH Access |
| 2 | ################# |
| 3 | |
| 4 | - `Gerrit Login <https://gerrit.opencord.org/login/%2Fq%2Fstatus%3Aopen%2B-is%3Awip>`_ |
| 5 | |
| 6 | Generate an :ref:`SSH Key <gerrit-user-account>` for access |
| 7 | ============================================================ |
| 8 | |
| 9 | .. sourcecode:: shell |
| 10 | |
| 11 | $ ssh-keygen -t ed25519 -f id_gerrit -C 'tux@opennetworking.org' |
| 12 | |
| 13 | - Login and configure gerrit |
| 14 | |
| 15 | - Verify your ssh connection (manual/explicit args) |
| 16 | - ssh -T -p 29419 -i ~/.ssh/id_gerrit tux@gerrit.opencord.org |
| 17 | - -T # disable pseudo terminal access, simple verify |
| 18 | - -p(port) |
| 19 | - -i(dentity) # ssh key |
| 20 | - Expect to see:: |
| 21 | \*\*\*\* Welcome to Gerrit Code Review \*\*\*\* |
| 22 | |
| 23 | Hi tux, you have successfully connected over SSH. |
| 24 | |
| 25 | Unfortunately, interactive shells are disabled. |
| 26 | |
| 27 | |
| 28 | Load your ssh key(s) to prompt for a passprase once |
| 29 | =================================================== |
| 30 | |
| 31 | .. sourcecode:: shell |
| 32 | |
| 33 | # ssh-add will prompt for the passphrase for your key. |
| 34 | # This is a one-time operation per login session. |
| 35 | $ ssh-add ~/.ssh/id_gerrit |
| 36 | $ ssh-add -l |
| 37 | |
| 38 | Create ~/.ssh/config to simplify your connections |
| 39 | ================================================= |
| 40 | .. sourcecode:: shell |
| 41 | |
| 42 | FILE: ~/.ssh/config |
| 43 | # IdentitiesOnly yes only use identity provided, no fallback |
| 44 | |
| 45 | Host github.com |
| 46 | IdentityFile ~/.ssh/github.com/id_ed25519 |
| 47 | IdentitiesOnly yes |
| 48 | # (default) Port 22 |
| 49 | User tux |
| 50 | |
| 51 | Host gerrit.opencord.org |
| 52 | Hostname gerrit.opencord.org |
| 53 | IdentityFile ~/.ssh/gerrit.opencord.org/id_ed25519 |
| 54 | IdentitiesOnly yes |
| 55 | Port 29418 |
| 56 | User tux@opennetworking.org |
| 57 | |
| 58 | With ~/.ssh/config setup simply connect to the target machine: |
| 59 | ============================================================== |
| 60 | - ssh gerrit.opencord.org |
| 61 | |
| 62 | |
| 63 | Secure permissions on ~/.ssh |
| 64 | ============================ |
| 65 | |
| 66 | .. sourcecode:: shell |
| 67 | |
| 68 | $ chown -R {my_login}:{my_login} ~/.ssh |
| 69 | $ chmod -R ~/.ssh u+rwx,og-rwx |
| 70 | $ find ~/.ssh -type d -print0 | xargs -0 chmod u=rwx |
| 71 | $ find ~/.ssh -type f -print0 | xargs -0 chmod u=r |
| 72 | $ find ~/.ssh -name '*.pub' -type f -print0 | xargs -0 chmod u=rw |
| 73 | $ chmod u=rw ~/.ssh/config ~/.ssh/known_hosts* ~/.ssh/authorized_keys |
| 74 | |
| 75 | Debugging connection problems |
| 76 | =============================== |
| 77 | - ssh [-v | -vv | -vvv ] to enable connection debugging. |
| 78 | - For conneciton problems be explicit when specifying arguments: |
| 79 | - ssh -p(ort) -i(dentity) {user}@{host} |
| 80 | - Use ssh-add -D to clear your keyring and force passphrase prompting. |