Back to Home

Installing Mercurial Server and Using SSH Authentication

mercurial · hg · ssh · putty · tortoisehg

Installing Mercurial Server and Using SSH Authentication

A few days ago, they set me the task - to raise the mercurial repository on one of the local machines, and set one condition - mandatory SSH authorization. Installation will be performed using Mercurial Server on a 64-bit server Ubunt.

Install Mercurial Server


The first thing that came to mind was the installation from the repositories. After updating the packages and running the command:
apt-get install -y mercurial-server

I found that version 1.0.1-1 was installed, which is not the latest.
A deb package with version 1.2-1 was discovered on the official website , which was installed by the team
dpkg -i mercurial-server_1.2-1_all.deb


Configure SSH for key authorization


Because I wanted all the keys of users who have access to the server via ssh to be stored in one place, the following line was added to the / etc / ssh / sshd_config file :
AuthorizedKeysFile /etc/ssh/keys/%u.pub
It means that the key files should be stored in the / etc / ssh / folder keys / and look like username.pub

Configure Mercurial Server


The Mercurial Server config home directory is located in / var / lib / mercurial-server . We are interested in the .mercurial-server file , it is in it that the main server config is stored. There you can change the paths to repositories, directories with public keys, etc. my repositories are moved to another drive, I changed the repos variable accordingly.
Users are divided into two groups: root (have full rights to all repositories, including creation) and users (have the right to pull and push).
The keys of users who should have access to the server must be placed in the / etc / mercurial-server / keys / users folder , and the keys of administrators -/ etc / mercurial-server / keys / root .

Hgadmin special repository

After installing the server, the hgadmin service repository is automatically created in which you can store the keys of users and administrators. This is very convenient because no need to manually load user keys.
The structure is exactly the same as in the system, i.e. keys are stored in / hgadmin / keys / users and / hgadmin / keys / root for users and administrators respectively.
There you can store the access.conf file which is responsible for user access rights.

Final setup


Since, by default, the keys for accessing the hg user are stored in ~ / .ssh / authorized_keys, we need to create a symbolic link in the / etc / ssh / keys / directory . To do this, run the command:
 ln -s /var/lib/mercurial-server/.ssh/authorized_keys /etc/ssh/keys/hg.pub


After we placed the key in / etc / mercurial-server / keys, we need to update the access rights, to do this, run the following command:
sudo -u hg /usr/share/mercurial-server/refresh-auth

If keys were added using hgadmin, then the changes take effect automatically.

Access the repository using TortoiseHg


First of all, you need to download Pageant, it will transfer TortoiseHg private key if necessary. For convenience, I wrote a bat'nik that runs when the system starts. Its meaning is to add a private key to Pageant.
start pageant.exe node.ppk

After starting pageant, all that remains is to clone the repository.
We clone the special hgadmin repository with the command:
hg clone ssh://hg@server/hgadmin

You can create a new repository with the command:
hg init ssh://hg@server/myrep

useful links

Read Next