Gerrit SSH Access

Generate an SSH Key for access

$ ssh-keygen -t ed25519 -f id_gerrit -C ''
  • Login and configure gerrit

  • Verify your ssh connection (manual/explicit args)
    • ssh -T -p 29418 -i ~/.ssh/id_gerrit
      • -T # disable pseudo terminal access, simple verify

      • -p(port)

      • -i(dentity) # ssh key

    • Expect to see::

      **** Welcome to Gerrit Code Review ****

      Hi tux, you have successfully connected over SSH.

      Unfortunately, interactive shells are disabled.

Load your ssh key(s) to prompt for a passprase once

# ssh-add will prompt for the passphrase for your key.
# This is a one-time operation per login session.
$ ssh-add ~/.ssh/id_gerrit
$ ssh-add -l

Create ~/.ssh/config to simplify your connections

FILE: ~/.ssh/config
# -----------------------------------------------------------------------
# AddKeysToAgent yes      auto ssh-add key for reuse this login session.
# IdentitiesOnly yes      only use identity provided, no fallback
# -----------------------------------------------------------------------

   IdentityFile ~/.ssh/
   IdentitiesOnly yes
   AddKeysToAgent yes
   # (default) Port 22
   User tux

   IdentityFile ~/.ssh/
   IdentitiesOnly yes
   AddKeysToAgent yes
   Port 29418

With ~/.ssh/config setup simply connect to the target machine:

  • ssh

Secure permissions on ~/.ssh

$ chown -R {my_login}:{my_login} ~/.ssh
$ chmod -R ~/.ssh u+rwx,og-rwx
$ find ~/.ssh -type d -print0 | xargs -0 chmod u=rwx
$ find ~/.ssh -type f -print0 | xargs -0 chmod u=r
$ find ~/.ssh -name '*.pub' -type f -print0 | xargs -0 chmod u=rw
$ chmod u=rw ~/.ssh/config ~/.ssh/known_hosts* ~/.ssh/authorized_keys

Debugging connection problems

  • ssh [-v | -vv | -vvv ] to enable connection debugging.

  • For conneciton problems be explicit when specifying arguments:
  • Use ssh-add -D to clear your keyring and force passphrase prompting.