Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

Overview

From version 4.4, Artifactory supports SSH authentication for Git LFS and the JFrog CLIJFrog CLI using RSA public and private keys. This allows these tools to exchange sensitive information with the Artifactory server that is authenticated via SSH.

There are two main facets of SSH authentication:

Server authenticates itself to the client

The server must be authenticated before you send it any confidential data. For example, you should not authenticate a user to the server with the user's password before the server has been authenticated. The server is authenticated in the following manner.

When the SSH connection is established, the server sends its public key to the client, and the client matches the key to a list of known public keys stored in a known_hosts file. (Before the first ever connection to the server, you must obtain the server's public key by some other means and add it it to the known_hosts file manually). This verifies that the server is indeed the owner of the stored public key, since only that server will have the corresponding private key. It also verifies that the server is known (and not an imposter) since its public key is stored in the known_hosts file.

User authenticates itself to the server

This process mirrors the process of the server being authenticated to the client. The user must first provide his public key to the server which stores it in the user's account authorization list. Then, when the user tries to log in, the server sends the user back his public key, and the user must show that he holds the corresponding private key.

Limitation

SSH is not supported if using Artifactory Saas cloud service.

Page Contents


Configuring SSH

To configure SSH authentication, you need to execute the following main steps:

  1. Configure Server Authentication
  2. Configure User Authentication
  3. Configure the Git LFS or CLI Client

Configuring Server Authentication

In this step you will configure Artifactory's SSH authentication parameters. First you need to generate an SSH key pair for Artifactory. For example, on a Linux-based system, you could execute the following command:

ssh-keygen -t rsa -C "server@domain.com"

 Then, to configure Artifactory for SSH authentication, in the Admin module, select Security | SSH Server and fill in the required fields.

SSH Server Configuration

Enable SSH Authentication
When checked, SSH authentication is enabled
Port
The port that should be used for an SSH connection
Custom URL Base
The Custom URL Base that should be used for SSH connections. Note that this is the same Custom URL Base configured in the Admin module under Configuration | General.
Public key/Private key
The key pair used for authentication

 

Configuring User Authentication

In this step, you will configure Artifactory with your public key so that you may be authenticated when sending requests to Artifactory from the Git LFS client or from the Artifactory CLI.

First, you need to generate a key pair. For example, on a Linux-based system, you could execute the following command:

ssh-keygen -t rsa -C "USER@domain.com"

 

Your public and private keys should be created under the ~/.ssh folder.

Don't forget to update your public key

Update your public key under the SSH section of your User Profile.

Configuring the Client

To configure your Git LFS client, please refer to Authenticating with SSH.

To configure the JFrog CLI, please refer to Authenticating with RSA Keys.   

 

 

 

 

 

 

 

 

  • No labels