Fossil User Forum

Fossil and SSH?
Login

Fossil and SSH?

Hierarchical

Fossil and SSH?

(1) By marcc (marcc123) on 2025-04-08 13:08:17 [link] [source]

Heya!

I'm looking into Fossil as a potential VCS for a project.

I think using SSH as authentication would be simpler for this project, so that I can use public keys for authentication rather than username/password. I don't really want to expose the project publicly with HTTP.

I am still trying to wrap my head around how fossil works with SSH though. What is best practice for setting it up?

Do I create one Linux user per user in fossil and then they are automatically signed in when they clone using their public key? Do I create a "fossil" Linux user that people can use to clone the repository, and then they sign in with their fossil username?

Any recommendations? Thank you in advance

(2) By Richard Hipp (drh) on 2025-04-08 13:16:05 in reply to 1 [link] [source]

What is best practice for setting [fossil sync over ssh] up?

That's almost a no-op. It just works.

Suppose you have a remote system named "remote" to which you can easily ssh. Then to clone a repo from remote you say:

fossil clone ssh://remote/path/to/repo.fossil

After that "fossil sync" just works. If you already have the same repo both locally and on remote, you can establish the link using:

fossil sync ssh://remote/path/to/repo.fossil

You can also access the remote repository using "fossil ui", though the syntax is slightly different:

fossil ui remote:path/to/repo.fossil

As a special case, if the "path/to/repo.fossil" is just a literal "/", then Fossil shows you a menu of all the repositories it knows about on the remote system, and you can click on any of them to visit it individually. Ex:

fossil ui remote:/

(3) By Richard Hipp (drh) on 2025-04-08 13:24:12 in reply to 2 [link] [source]

Another example: I have an alias named "core" in my ~/.ssh/config file that references the server that hosts this Forum, and the main Fossil website, and the main SQLite website, and a bunch of other stuff. I can look at every Fossil repository on that server from my desktop with this command:

fossil ui core:/

How does that work? The local Fossil uses ssh to start an instance of "fossil ui" running on the remote side, but tunnels the HTTP traffic back over ssh. Then it launches your local web browser to look a the near-side TCP port of the tunnel. Fossil actually prints the "ssh" command that it uses to do this when you run the command, so that you can see what is happening.

(4) By Daniel Dumitriu (danield) on 2025-04-08 14:11:33 in reply to 2 [link] [source]

fossil clone ssh://remote/path/to/repo.fossil

If the Fossil executable on the remote system is not on the ssh user's $PATH, you'll want to add ?fossil=<FSLEXEPATH>, where if not absolute <FSLEXEPATH> is relative to the user's $HOME. See fossil help clone.

(5.3) By Andy Bradford (andybradford) on 2025-04-08 14:48:06 edited from 5.2 in reply to 1 [source] 

> I am  still trying to  wrap my head around  how fossil works  with SSH
> though. What is best practice for setting it up?

Best practice is what works for you and the group of people for whom you
are setting this up.

By default, Fossil with SSH behaves just like any other Unix environment
where you  use SSH.  For example,  if you  have a  document on  a remote
system and you have  5 people that want to edit  that document using vi,
what would  you do? You would  create 5 accounts (each  person has their
own  login) and  then put  all 5  people into  a group  that have  group
permissions to  edit the document  and then  set the group  ownership on
that file to that group and make the file group writeable.

The default mode  of operation for Fossil works in  similar fashion. You
just need  to put the  Fossil repository file  into a directory  that is
writeable by the group and has  permissions on the file that permit them
to read and write to it.  Perhaps the repository is located in:

/var/fossils/project.fossil

When they clone they would clone using their own account.

fossil clone ssh://username@host//var/fossils/project.fossil ~/fossils/project.fossil

Using  public  key  authentication  does  not  change  this  arrangement
significantly but can allow more flexibility.

Keep in mind that this default  mode of operation assumes that all users
are fully enabled users because they  all have complete control over the
Fossil  repository. This  simple setup  also has  the least  maintenance
overhead.


Now,  perhaps you  have people  who are  not very  experienced in  using
shells and  SSH and you're  concerned about  the security of  the system
being compromised?  And you want to  limit their access to  simply using
the Fossil command and disallow interactive shell. Well, that's where it
gets slightly more  complicated and you have a bunch  of other decisions
to make. The first and most simple  thing you can do is disable password
authentication  for those  users and  then  require SSH  keys. Then  use
ForceCommand to force  the SSH key to always invoke  the Fossil command.
How you go about  doing this depends on whether or  not you think you'll
have just 1 Fossil repository in the group, or multiple.

If you have  one, the ForceCommand could contain the  name of the Fossil
repository right in it.  For example:

command="fossil test-http /path/to/fossils/repository.fossil"

If you  have multiple, then you  might want to  instead use a path  to a
directory and  then Fossil will  "serve" any of those  repositories. For
example:

command="fossil test-http /path/to/fossils"

The latter mechanism allows any of  the Fossil repositories to be served
(assuming you have multiple).

The above  examples are  for putting the  ForceCommand directly  in each
user's  $HOME/.ssh/authorized_keys, but  if you  want to  centralize the
control and make it impossible for  users to disable, you would then put
them in Match blocks for the User in /etc/ssh/sshd_config.


If you're brave  (or determined) you can get more  fancy with Fossil and
do as you  suggest. Create a "fossil"  user that owns the  file and then
control access  to that by using  ForceCommand and SSH keys  and you can
even take  advantage of the Fossil  RBAC system. This is  similar to how
many GitHub users are accustomed to doing things (e.g. the SSH transport
doesn't use their own name at all, but a very generic git@github.com).

Some of what you can do in this regard is documented here:

https://fossil-scm.org/home/doc/trunk/www/server/any/http-over-ssh.md

So it really comes down to how you want to provide the access.

Feel free to ask questions for clarifications.

Andy

(6.1) By Andy Bradford (andybradford) on 2025-04-08 15:43:48 edited from 6.0 in reply to 1 [link] [source] 

> Do I  create a "fossil"  Linux user that people  can use to  clone the
> repository, and then they sign in with their fossil username?

As mentioned  in a much more  lengthy reply, by default,  Fossil and SSH
assume  that all  users are  fully privileged  (because permissions  are
managed by OS-level permissions on the files). In addition, because each
user has  full access to  the file, there is  no point in  having Fossil
users on the server since they aren't  used for anything. If you want to
use Fossil users it's a much more  complicated setup, but can be done if
you're  willing to  figure it  all  out (see  my previous  post in  this
thread) and it's appropriate for what you're trying to accomplish.

Andy