hg-ssh - cannot clone repository, but pull/push works

0
votes

I am trying to setup a new mercurial server (first time for me), serving with hg-ssh and am running into the problem that I can pull and push, but not clone a repository to the server.

In .ssh/authorized_keys on the server, I have the following line before the key:

no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=".../hg-ssh repos/*"

Without this line, cloning the repository works, so it's not a path issue.

I am somewhat baffled by this, because I would have expected hg-ssh to allow for cloning - am I wrong in assuming this? Is there some config I might have missed?

1
linuxsshmercurial
What errors you see in the log? What do you see if you try to ssh to this account with this key? .../hg-ssh repos/* does not sound right. What about the ...? I am not sure if the wildcard works here.Jakuje
Sorry, the wildcards was me editing out the full path for posting here, should have mentioned that. Cloning fails with 'Illegal command "hg init [path]'".Kirinya
That would be good idea. You might omit something that you consider unrelated, but it is crucial for the functionalityJakuje
Checked connecting via ssh with my key, this seems to work fine as far as I can tell. I don't get a shell due to the settings above, but this is expected.Kirinya
perhaps in addition to hg-ssh you should also allow hg, don't you think? checkout this mercurial-scm.org/pipermail/mercurial/2009-July/027021.htmlarhak

1 Answers

1
votes

I was unable to determine from the documentation whether hg-ssh should allow cloning to the server.

What I have done is change the line

command=".../hg-ssh repos/*"

to 

command="[path]/allowed-commands.sh

and implemented the script following https://serverfault.com/a/803873, redirecting all 'hg init' calls to hg directly, while redirecting all pull/push requests to hg-ssh.

This works fine for pull/push and clone.