p4 pubkey (graph)

Add, update, or delete an SSH public key on the Helix Server.

Note

For depots of type graph only.

Syntax

p4 [g-opts] pubkey -i [-u user] [-s scope] [-f]
p4 [g-opts] pubkey -d -u user | -s scope

Syntax conventions

Description

The user or the administrator uses this command to:

  • upload a user’s public SSH key onto the server
  • force an update of the user’s key that overwrites the old key
  • delete a user’s key

Scope

When you upload a user’s public SSH key onto the server, if you do not specify an explicit scope, the key gets default as its implicit scope name.

If a user has more than one computer, and thus more than one SSH key, we recommend that you assign an explicit scope name for each key. A typical scope name might be a physical location, such as home or office, or a computer name, such as server1, macintosh_laptop, or Windows_desktop.

When you delete a key associated with the specified user, if you do not specify an explicit scope, this command deletes the key with the implicit default scope.

You cannot update the scope, but you can delete the key and generate a new key with whatever scope you want.

Note

To get a listing of all the keys and scopes for a specific user, see the p4 pubkeys topic, Examples.

Prerequisite for a user to upload a key

The prerequisite to being able to upload a SSH public key on the Helix Server is to have, at a minimum, the list access to a filename in the protections table. Let us assume that the Helix Server administrator wants the protections table to provide only this minimum access.

As super user, the administrator issues the p4 protect command, which opens the Protections form.

The administrator fills out the Protections form to specify that members of a group named repoUsers have list access to a specific file:

 list group repoUsers * //depot/no-file.txt

Note that no-file.txt does not need to be an actual file.

The administrator issues the p4 group command with the repoUsers group name:

$ p4 group repoUsers

In the Group Specification form, the administrator adds the names of the users who belong to the repoUsers group.

Options

-d

Deletes the key for the specified user. If you do not specify a scope, deletes the specified user’s key that has the default scope. If you specify a scope, deletes the key associated with that scope.

-f

The -f option allows a user or an administrator to force an overwrite of the user’s existing key.

-i entry-from-standard-input

Uploads the public SSH key from the location specified in a standard input redirect.

-s scope

Assigns a scope to this public key, which is useful if a given user has more than one key. If you do not use this option to specify a scope, the scope is set to default automatically.

-u username

Administrators can associate the key with a specific user.

Note

There is no check to validate whether the specified user actually exists.

g-opts

See Global options.

Usage Notes

Can File Arguments Use Revision Specifier? Can File Arguments Use Revision Range? Minimal Access Level Required

N/A

N/A

super to update or delete someone else's pubkey, list to add, update or delete your own

Examples

Upload with scope

The user indicates the location of the key with a standard input redirect. A best practice is to provide an explicit scope that helps the user identify which computer the key belongs to. The explicit scope also ensures the user does not inadvertently overwrite the implicit scope, which has default as its implicit name.

p4 pubkey -i < path/to/your/.ssh/id_rsa.pub -s mac-laptop

The admin can upload the key for the user by including the -uusername option.

p4 pubkey -i < path/to/your/.ssh/id_rsa.pub -u bruno -s mac-laptop

Force an update to an existing key

If a message appears that is similar to the following:

Public Key for 'bruno/mac-laptop' already exists, use '-f' to replace.

To force the overwrite of an existing key, include the -f force option.

p4 pubkey -f -u bruno -s mac-laptop -i < path/to/your/.ssh/id_rsa.pub

Delete a key

To delete the SSH public key for the specified user and the default scope, which is implicit.

p4 pubkey -d -u bruno

To delete the SSH public key for the specified user and scope.

p4 pubkey -d -u bruno -s windows-laptop

Related Commands

To list the SSH public keys

p4 pubkeys