Control ssh access to mercurial repositories

A python3 script to control ssh access to mercurial repositories.

This script was adapted from in order to circumvent the "potentially
unsafe" error that arose when pulling from repositories with read-only
access. The source code for this comes from the updated version of `hg-ssh`.

modified from hg-ssh (
and (

Ported from (

See for more information.

How to

Copy to your `$PATH` (e.g. `/usr/local/bin`).

(We assume the user you create is named `hg`.)

Create a new user `hg` with home directory `/home/hg`; all your repositories will go here. If
you want to store your repositories elsewhere, you can do one of the following:

	1. Create your directory structure somewhere on your filesystem and ensure ownership
	   is given to the hg user and hg group. Then create a symlink in the user's home directory
	   to the top-level folder of the repository location.
	2. Use 'cd path/to/toplevel/repodir && ...' in your SSH command before calling this script. For example,
	   if the top level was in /usr/local/repos, create a symlink in /home/hg to /usr/local/repos and update
	   the configuration file as necessary.

Create a config file at `/home/hg/hgssh4.conf`:
    location = repos/reponame
    user1 = read
    user2 = write
    location = repos/reponame2
    user1 = write

Add a new entry to `/home/hg/.ssh/authorized_keys`
    NOTE: USERNAME in this example would be user1 or user2
    command=" USERNAME ~/hgssh4.conf",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa your_ssh_rsa_public_key

Create the repositories:

    cd /home/hg/repos && hg init reponame && hg init reponame2

Now you can access (only) these repositories using your ssh key:

    ssh://  (read-only for user1, read/write for user2)
    ssh://  (read/write for user1 only)

    If the username provided in authorized_keys does not exist in the ACL file, or if it is set to anything
    other than 'read' or 'write' (even if blank), then access is denied.

    The users defined in the ACL file DO NOT need to exist on the server being accessed. They simply need to match
    the entry that is provided in the command in the authorized_keys file for that user.

    The actual name of the repository folder in the location DOES NOT need to match the name in the [] section of the ACL file.

    SSH to run: ssh://

    This script allows the use of 'short/friendly' names in access/config:
    Example: ssh://

    This ACL file serves as a mapping from friendly name to actual location. This removes the
    need to define multiple repo definitions on the "command" of the ssh key as in hgssh,
    and also removes the need to redefine repos per user as in
    This configuration allows one definition of the repository and one line per user to deny/grant access.
    This is very similar to how SVN grants access controls.

One new feature is introduced in `hgssh4`: the command `update-desc`, which
allows updating the description of a remote repository. To use it, issue the
following command: `ssh server update-desc remote-repo description`, where
`description` is the new description for the remote repository.
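To illustrate the ACL rules and the `update-desc` command described above, here is an added example (not the `hgssh4` script itself) of how a forced-command wrapper decides what a key holder may do: it parses the client's `SSH_ORIGINAL_COMMAND`, looks up the friendly repository name and user in the ACL file, and rejects anything else. It assumes the ACL uses `[reponame]` section headers (the README refers to a "[] section" but the sample config omits them), and the read-only hook setting `READONLY_HOOK` is a hypothetical value modelled on `hg-ssh`.

```python
import configparser
import shlex

# Constructed sample ACL in the README's layout. The [reponame] section
# headers are an assumption; the sample config on the page omits them.
SAMPLE_ACL = """\
[reponame]
location = repos/reponame
user1 = read
user2 = write

[reponame2]
location = repos/reponame2
user1 = write
"""

# Hypothetical read-only enforcement, modelled on hg-ssh: an hg hook that aborts pushes.
READONLY_HOOK = "hooks.pretxnopen.readonly=python:hgssh4.rejectpush"


def load_acl(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def authorize(acl, user, ssh_original_command):
    """Map SSH_ORIGINAL_COMMAND to an hg argv for the given user, or raise PermissionError.

    Only `hg -R <name> serve --stdio` and `update-desc <name> <text>` are accepted,
    so the key cannot be used to obtain a shell or run arbitrary commands.
    """
    argv = shlex.split(ssh_original_command or "")
    if len(argv) == 5 and argv[:2] == ["hg", "-R"] and argv[3:] == ["serve", "--stdio"]:
        name, action = argv[2], "serve"
    elif len(argv) == 3 and argv[0] == "update-desc":
        name, action = argv[1], "update-desc"
    else:
        raise PermissionError("illegal command %r" % ssh_original_command)

    # Unknown friendly name, unlisted user, or anything but read/write: deny.
    if not acl.has_section(name):
        raise PermissionError("unknown repository %r" % name)
    perm = acl.get(name, user, fallback=None)
    if perm not in ("read", "write"):
        raise PermissionError("access denied for %r on %r" % (user, name))
    location = acl.get(name, "location")  # relative to the hg user's home

    if action == "update-desc":
        if perm != "write":
            raise PermissionError("update-desc requires write access")
        return ["update-desc", location, argv[2]]
    cmd = ["hg", "-R", location, "serve", "--stdio"]
    if perm == "read":
        cmd += ["--config", READONLY_HOOK]  # pulls work, pushes are refused by the hook
    return cmd
```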