grim/hgkeeper

Add a note about downloads and pgp verification to the readme

23 months ago, Gary Kramlich
ebc5f568d629
Add a note about downloads and pgp verification to the readme
# SSH Access
How you access HGKeeper over SSH will depend a lot on the
[run mode](../runmodes) as well as how the server has been configured. However,
there are some not so obvious things to HGKeeper that need to be addressed.
## Remote URLs
Cloning, pushing, and pulling are going to be just like they are for any SSH
based Mercurial hosting. Of course you will have to match the port number in
your remote url to match.
If you're running HGKeeper in [standalone mode](../standalone) with it's
default port of `22222` you'll need to specify that port when cloning:
```sh
hg clone ssh://example.com:22222/hgkeeper
```
If you're running HGKeeper behind OpenSSH in either [on demand](../ondemand) or
[reverse proxy](../reverseproxy) mode, then you must specify the user name you
have configured:
```sh
hg clone ssh://hg@example.com/hgkeeper
```
## Creating Repositories
HGKeeper's web interface is just
[hgweb](https://www.mercurial-scm.org/wiki/PublishingRepositories#hgweb), which
means there is no way to create repositories from the web interface.
However, `hg init`, which we use to create repositores locally, also works on a
remote. So to create a repository, assuming you have the `init` permission in
the authorization policy, you can use the following command:
```
hg init ssh://hg@example.com/coolstuff/frontend
```
If this completes without displaying an error, you can now clone the brand new
empty repository with the following command:
```
hg clone ssh://hg@example.com/coolstuff/frontend
```
## Gotchas
As you may have imagined, integrating with OpenSSH can be somewhat difficult to
get correct and even then there are some issues that crop up that may leave you
stumped. This section aims to alleviate these issues.
### Reverse Proxying
HGKeeper works like any other Mercurial service that is hosted over SSH.
However, if you are running HGKeeper in [reverse proxy](../reverseproxy) mode
with OpenSSH infront of it, you will need to use an SSH Agent and make sure
that it is being forwarded when connecting to your server.
On Linux/BSD, you can easily do this by adding a host configuration to your
`~/.ssh/config` file. Be sure to replace `hg` and `example.com` with your
real values.
```ssh_config
match User hg Host example.com
ForwardAgent yes
```
### No Mutual Signature Algorithm
Recent releases of OpenSSH Server have
[disabled rsa signatures](https://www.openssh.com/txt/release-8.7). If you are
using an `RSA` based host key, you will need to add a section to your
`~/.ssh/config` to permit this. But please note, this is currently deprecated
and is planned to be removed in the future, so this setting is just to keep you
running while you work on migrating to a more secure host key.
```ssh_config
match User hg Host example.com
PubkeyAcceptedKeyTypes ssh-rsa
```