
Gitolite SSH Setup

Create SSH key on Linux

SSH keys offer a highly secure way of logging into a server and are best practice for authentication, allowing more security than a simple password.  SSH keys are tied to your identity (your email used on CAF) so you will need to ensure you have created or submitted SSH keys that match your identity. 

  • To create a key pair, run ssh-keygen with the -t option, which specifies the cryptosystem the key uses. The valid options are "rsa" and "dsa". In this example, we have elected to use RSA authentication with keys that are 2048 bits or greater:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair

  • Next you will be prompted for a passphrase, which is used to encrypt the private key. After you enter the passphrase you will be asked to verify it.

Enter file in which to save the key (/home/sshuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): **********************
Enter same passphrase again: **********************

  • If the two passphrases do not match, you will be given an error message and asked to enter the passphrases again, as shown below.

Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase): **********************
Enter same passphrase again: **********************

  • Once the passphrases match, ssh-keygen will display a message indicating where the public and private keys have been saved.

Your identification has been saved in /home/sshuser/.ssh/id_rsa.
Your public key has been saved in /home/sshuser/.ssh/id_rsa.pub.
The key fingerprint is:
9a:7a:87:33:14:d2:12:72:7c:3f:ea:54:a4:2e:b6:ba sshuser@server.example.com

Configure SSH client settings

  • Edit your ssh client configuration so that ssh requests to git.codeaurora.org are sent over port 9222 (if your site filters port 22). This is accomplished by creating or modifying the /home/<sshuser>/.ssh/config file with the following values:
Host *.codeaurora.org
  # The path to the private key you generated, such as: /home/<sshuser>/.ssh/id_rsa
  IdentityFile ~/.ssh/id_rsa
  User git
  # Optional: can be used if a firewall is blocking port 22
  Port 9222
  ControlPath ~/.ssh/%r@%h:%p
  ControlMaster auto
  ControlPersist 30m
  • Check that the file permissions are set properly on /home/<sshuser>/.ssh/config.  You can set the correct permissions by running the following commands:
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/config
  • Check alternate ports:

To check if port 22 is open:
ssh -p 22 git@git.codeaurora.org info <CAF_area>/<CAF_shortname>/<CAF_repository>

To check if port 9222 is open:
ssh -p 9222 git@git.codeaurora.org info <CAF_area>/<CAF_shortname>/<CAF_repository>

Update /home/<sshuser>/.ssh/config with the port that succeeded in the above commands.

Submitting your SSH key to CAF

You must generate your SSH public/private key pair and upload the public key to your Developer account. SSH keys are tied to your identity (your email used on CAF) so you will need to ensure you have created or submitted SSH keys that match your identity in order to validate your access permissions.  CAF only supports 1 SSH key per user.

  Keys less than 2048 bits in length will not be accepted for security reasons.

  1. Log in to your Developer account on the CodeAurora website.
  2. Click on My account in the upper right corner.
  3. Click on the tab entitled "SSH keys".
  4. Click "Add a public key", enter a key title, paste the key in the appropriate field and click "Save".
  5. Copy the ssh key fingerprint.
  6. Once your project is confirmed, send an e-mail to itpeople@codeaurora.org with the Subject: SSH Key for user: username@yourdomain.com. In the e-mail please detail:
    1. Your CAF account name.
    2. Which project/repositories you need access to.
    3. The ssh key fingerprint from step 4.  This command will output the fingerprint:
         ssh-keygen -lf <path to public key>
    4. Be sure to Cc: the project admins of the project/repos you need access to so they can approve.

  Once we verify with the project administrators that you should have access, we will grant it.

Changing your SSH key

Please upload your new key to your account and then contact ITPeople if you need to change your SSH key.

Updating your registered email associated with your SSH key to CAF

If you no longer have access to the email you used to create your SSH key, there is no need to update your SSH key but you will need to update your registered email address.  If you do not update your registered email, this will be an issue if you forget your CAF password as you may no longer have access to receive the recovery information that is sent to your registered email.

  1. Log in to your Developer account on the CodeAurora website.
  2. Click on My account in the upper right corner.
  3. Click on the tab entitled "Edit".
  4. Update the E-mail address field with your new e-mail.
  5. Scroll to the bottom and click Save.

Validate SSH key stored on CAF

You can use ssh-keygen to validate that your public key matches what is uploaded on CAF.  For example, if your SSH keys are in the ~/.ssh/ directory in your home directory, you would run:

 ssh-keygen -l -f ~/.ssh/id_rsa.pub -E md5

This will return the fingerprint of your local SSH public key, which you can compare against the fingerprint of the public key uploaded on CAF.

You can also run the following command to get extra ssh debug information:

 $ ssh -T -v gitolite3@git.codeaurora.org
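
What the fingerprint check and the 2048-bit minimum look at inside an id_rsa.pub line, as an added example (not part of the original page or CAF tooling; function names are this example's own). The MD5 form is what `ssh-keygen -l -E md5` prints, while newer OpenSSH releases print the SHA256 form by default. The sample keys are constructed for the demo and are not usable RSA keys.

```python
import base64
import hashlib

MIN_RSA_BITS = 2048  # minimum key length the page says CAF accepts


def read_string(blob, offset):
    """Read one RFC 4253 length-prefixed string; return (bytes, next offset)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_pubkey(line):
    """Parse one id_rsa.pub line; return modulus size and both fingerprints."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa" or fields[0] != "ssh-rsa":
        raise ValueError("this example handles ssh-rsa keys only")
    _exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    bits = int.from_bytes(modulus, "big").bit_length()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "bits": bits,
        "accepted": bits >= MIN_RSA_BITS,
        # Fingerprints are hashes of the decoded blob, not of the text line.
        "md5": ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest()),
        "sha256": "SHA256:" + sha256,
    }


def constructed_key(bits):
    """Build a well-formed sample line; the modulus is NOT a real RSA modulus."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # 0x00 pad keeps it positive
        return len(raw).to_bytes(4, "big") + raw
    n = (1 << (bits - 1)) | 1
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sshuser@server.example.com"


if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, inspect_pubkey(constructed_key(size)))
```

Because the comment field is not part of the hashed blob, changing the trailing user@host text on the key line does not change the fingerprint.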

SSH Servers

Beginning April 14, 2018 at 10AM PDT

git.codeaurora.org        -> gl-master-us-west.codeaurora.org

privgit.codeaurora.org will resolve to one of the below depending on your location:

privgit-us.codeaurora.org -> gl-minion-us-west.codeaurora.org
privgit-hk.codeaurora.org -> gl-minion-ap-south.codeaurora.org

New IPs:

gl-master-us-west.codeaurora.org  : 18.236.24.28
gl-minion-us-west.codeaurora.org  : 52.36.164.61
gl-minion-ap-south.codeaurora.org : 13.127.252.195

Created by Greg Stinocher on 2013/01/15 14:50
   
This wiki is licensed under a Creative Commons 2.0 license