0
votes

I am trying to setup a new mercurial server (first time for me), serving with hg-ssh and am running into the problem that I can pull and push, but not clone a repository to the server.

In .ssh/authorized_keys on the server, I have the following line before the key:

no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=".../hg-ssh repos/*"

Without this line, cloning the repository works, so it's not a path issue.

I am somewhat baffled by this, because I would have expected hg-ssh to allow for cloning - am I wrong in assuming this? Is there some config I might have missed?

1
What errors you see in the log? What do you see if you try to ssh to this account with this key? .../hg-ssh repos/* does not sound right. What about the ...? I am not sure if the wildcard works here. - Jakuje
Sorry, the wildcards was me editing out the full path for posting here, should have mentioned that. Cloning fails with 'Illegal command "hg init [path]'". - Kirinya
That would be good idea. You might omit something that you consider unrelated, but it is crucial for the functionality - Jakuje
Checked connecting via ssh with my key, this seems to work fine as far as I can tell. I don't get a shell due to the settings above, but this is expected. - Kirinya
perhaps in addition to hg-ssh you should also allow hg, don't you think? checkout this mercurial-scm.org/pipermail/mercurial/2009-July/027021.html - arhak

1 Answers

1
votes

I was unable to determine from the documentation whether hg-ssh should allow cloning to the server.

What I have done is change the line

command=".../hg-ssh repos/*"

to

command="[path]/allowed-commands.sh

and implemented the script following https://serverfault.com/a/803873, redirecting all 'hg init' calls to hg directly, while redirecting all pull/push requests to hg-ssh.

This works fine for pull/push and clone.