SSH

The SSH key consists of a public/private key pair that you create for each user on each computer used as a Git client. Git users who already have an SSH key can send the public key to their administrator for further handling.

When you have the SSH key, you can share the public key with the Helix server machine and then verify the key in the Git Connector server. By default, it takes 10 minutes for the SSH key shared with the Helix server to be authorized in the Git Connector server, so you need to wait before you proceed to the verification step.

Note

Helix server users who have, at a minimum, the list access to a filename in the protections table can add their own public SSH keys to the Helix server. For example:

p4 pubkey -i -s scopeName < my_id_rsa.pub

A Helix server user with the access level of super or admin can add a key for another user by specifying the (-u) option. For example:

p4 pubkey -i -s scopeName -u bruno < bruno_id_rsa.pub

See Prerequisites for a user to upload a key in Helix Core P4 Command Reference.

Tip

If you have several public keys, you can define a scope for each key to be able to quickly distinguish between them. This is useful if you need to delete a key. To get a list of keys along with their scope, run the p4 -ztag pubkeys command. For examples, see https://www.perforce.com/perforce/doc.current/manuals/cmdref/p4_pubkeys.html.

  1. To create the SSH key, run the following command and follow the prompts:

    $ ssh-keygen -t rsa
  2. Let us assume:

    • You are a user with admin or superuser privilege on the Helix server, but you are NOT logged in to Helix server as an admin or superuser from the host running the command.
    • P4PORT is set in your environment.
    • A user named bruno, P4USER=bruno, has emailed his id_rsa.pub file to you and that file is stored in /drive/userA/id_rsa.pub.

    To add the key to the Helix server machine, you run the command:

    $ p4 -u admin pubkey -u bruno -s scopeName -i < /drive/userA/id_rsa.pub

    However, if P4PORT is NOT set, include the server name and port number:

    $ p4 -p helixserver:1666 -u admin pubkey -u bruno -s scopeName -i < /drive/userA/id_rsa.pub
    Note

    Users without admin permission need to run this command without the -u option:

    $ p4 pubkey -i -s scopeName < ~/.ssh/id_rsa.pub

    Otherwise, they receive the following error message:

    You don't have permission for this operation.
  3. Wait 10 minutes for the keys to update. Otherwise, the Git Connector will not have the updated SSH keys in the list of authorized keys, and you will not be able to connect.

  4. Have Git client users run the following command to verify that they can successfully connect to the Git Connector.This command is similar to the p4 info command in that it displays information about the installed applications.
    $ git clone git@ConnectorHost:@info
    Note

    Ignore the following message:

    fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.

    If you see p4 info output, the command was successful.

    If you are prompted for the Git password, this indicates an issue with the SSH setup. See Troubleshooting.