SSH

The SSH key consists of a public/private key pair that you create for each user on each computer used as a Git client. Git users who already have an SSH key can send the public key to their administrator for further handling.

When you have the SSH key, you can share the public key with the Helix Server machine and then verify the key in the Git Connector server.

The Git Connector configuration script updated your /etc/ssh/sshd_config file so that your sshd server provides real-time support for pubkey lookup through the git-connector.

By default, the Git Connector authenticates the public key of each user in real time. This assumes that you have uploaded your public key to the Helix Core Server.

Note

If your SSH configuration does not allow such authentication, the Git Connector script updates the configuration script with a crontab job that moves the public keys from Helix Core Server to the Git Connector. This crontab job is set to run every 10 minutes.

Note

Helix Server users who have, at a minimum, list access to a filename in the protections table can add their own public SSH keys to the Helix Server. For example:

p4 pubkey -i -s scopeName < my_id_rsa.pub

A Helix Server user with the access level of super or admin can add a key for another user by specifying the -u option. For example:

p4 pubkey -i -s scopeName -u bruno < bruno_id_rsa.pub

See Prerequisite for a user to upload a key in the p4 pubkey topic of Helix Core Command-Line (P4) Reference.

Tip

If you have several public keys, you can define a scope for each key to be able to quickly distinguish between them. This is useful if you need to delete a key. To get a list of keys along with their scope, run the p4 -ztag pubkeys command. For examples, see p4 pubkeys.

  1. To create the SSH key, run the following command and follow the prompts:

    $ ssh-keygen -t rsa

  2. Let us assume:

    • You are a user with admin or superuser privilege on the Helix Server, but you are NOT logged in to Helix Server as an admin or superuser from the host running the command.
    • P4PORT is set in your environment.
    • A user named bruno, P4USER=bruno, has emailed his id_rsa.pub file to you and that file is stored in /drive/userA/id_rsa.pub.

    To add the key to the Helix Server machine, run the command:

    $ p4 -u admin pubkey -u bruno -s scopeName -i < /drive/userA/id_rsa.pub

    However, if P4PORT is NOT set, include the server name and port number:

    $ p4 -p helixserver:1666 -u admin pubkey -u bruno -s scopeName -i < /drive/userA/id_rsa.pub

    Note

    Users without admin permission need to run this command without the -u option:

    $ p4 pubkey -i -s scopeName < ~/.ssh/id_rsa.pub

    Otherwise, they receive the following error message:

    You don't have permission for this operation.

  3. Have Git client users run the following command to verify that they can successfully connect to the Git Connector. This command is similar to the p4 info command in that it displays information about the installed applications.

    $ git clone git@ConnectorHost:@info

    Note

    Ignore the following message:

    fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

    If you see p4 info output, the command was successful.

    If you are prompted for the Git password, this indicates an issue with the SSH setup. See Troubleshooting.
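
Before adding a key file received from another user (step 2 above), an administrator can confirm that the file holds a public key, check its type and size, and read its SHA256 fingerprint back to the sender over a separate channel. The following Python is an added example, not part of the Helix documentation or the Git Connector; the function names and the 2048-bit minimum are assumptions, and the sample key is constructed for illustration.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumption: local policy, not a Helix Server requirement

def read_string(blob, pos):
    """Read one length-prefixed field (RFC 4251 string); return (value, next_pos)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:end], end

def inspect_pubkey(line):
    """Check one OpenSSH public key line; return (type, rsa_bits, fingerprint)."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material: do not upload or forward it")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        raise ValueError("key data is not valid base64") from None
    inner, pos = read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("declared key type does not match the key blob")
    bits = None  # only computed for RSA keys
    if declared == "ssh-rsa":
        _exponent, pos = read_string(blob, pos)
        modulus, pos = read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA key is only {bits} bits")
    digest = hashlib.sha256(blob).digest()  # same form as ssh-keygen -l -E sha256
    return declared, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def mpint(value):
    """Encode a positive integer as an SSH mpint (leading zero byte keeps it positive)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def build_rsa_line(bits, comment="bruno@example"):
    """Constructed sample, not a usable key: the modulus is 2**(bits-1) + 1."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(inspect_pubkey(build_rsa_line(2048)))
```

Once the sender confirms the fingerprint, add the key with the p4 pubkey command shown in step 2.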