I want to make an ssh key (passwordless) that I can hand out to remote users so they can do an hg pull or hg clone of my repositories.
I've gotten as far as making an ssh key that uses only the command /usr/bin/hg but that doesn't work when using the clone or pull commands, because the command string doesn't match whatever the remote command call mercurial uses internally.
Is it possible to get the commands mercurial executes on the remote host when you do a:
hg clone ssh://user@host//path-to-repo
hg pull ssh://user@host//path-to-repo
And can I reliably come up with a couple command strings that will cover all my bases? If they were going to pull with a specific revision, would that use a different remote command through the ssh?
Best Answer
Mercurial comes with handy script already setup for exactly this sort of restricted access. THe script is probably already on your server and is named hg-ssh, but you can also find it here: http://www.selenic.com/repo/hg-stable/raw-file/tip/contrib/hg-ssh
To use it just put a line like this in your
/home/user/.ssh/authorized_keys
file:that'll make sure that people w/ that key can only use mercurial (not a shell) and only on the repos you list.