SSH Server Configuration
To configure SSH authentication, you will need to execute the following main steps:
Configuring Server Authentication
In this step you will configure Artifactory's SSH authentication parameters. First you need to generate an SSH key pair for Artifactory. For example, on a Linux-based system, you could execute the following command.
ssh-keygen -t rsa -C "server@domain.com"
Next, to configure Artifactory for SSH authentication, go to the Administration module, select Artifactory | Security | Keys Management and click the SSH Keys tab.
JFrog Cloud New Interface (Beta)
On the taskbar, click (Platform Configurations), and select Platform Security > Keys Management. To learn more, click here.
Fill in the details for the Server Settings and the Server Keys.
Enable SSH Authentication: When checked, SSH authentication is enabled.
Port: The port that should be used for an SSH connection.
Custom URL Base: The Custom Base URL that should be used for SSH connections. Note that this is the same Custom URL Base configured in the Administration module under Configuration | General.
Public key/Private key: The key pair used for authentication.
Configuring User Authentication
In this step, you will configure Artifactory with your public key so that you may be authenticated when sending requests to Artifactory from the Git LFS client or from the Artifactory CLI.
First, you need to generate a key pair. For example, on a Linux-based system, you could execute the following command:
ssh-keygen -t rsa -C "USER@domain.com"
Your public and private keys should be created under the ~/.ssh folder.
Don't forget to update your public key
Update your public key under the SSH section of your User Profile.
Configuring the Client
To configure your Git LFS client, see Authenticating with SSH.
Controlling Your SSH Server Security
Controlling your SSH Server Security depends on your JFrog deployment:
- In a Cloud deployment, contact JFrog support to make the required changes to your SSH Server Security.
- In a Self-Hosted deployment, you can control your SSH Server Security. Requires Platform Administrator permissions.
You can now control ciphers, MACs, signatures, and key exchange algorithms that are accepted by the Artifactory SSH server.
These values are left empty/null by default. They can hold values delimited by a comma (,), in the same way as the corresponding properties, and are applied only if the corresponding artifactory.ssh.*.algorithms property is not set.
Include Pattern System Properties
From Artifactory 7.18.6, the following constant values have been added as 'Include Only' algorithms:
artifactory.ssh.cipher.algorithms=
artifactory.ssh.key.exchange.algorithms=
artifactory.ssh.mac.algorithms=
artifactory.ssh.signature.algorithms=
Exclude Pattern System Properties
The Exclude patterns are:
artifactory.key.exchange.black.list=...
artifactory.cipher.black.list=...
From Artifactory 7.18.6, additional system properties were added to the exclude patterns:
artifactory.ssh.mac.black.list=...
artifactory.ssh.signature.black.list=...
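To confirm that the include and exclude lists took effect, compare the algorithms the server advertises in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1) with the ones you meant to remove. The following Python is an added example, not JFrog code: it parses a constructed KEXINIT payload, and the mapping of the cipher, key exchange, MAC and signature properties onto the KEXINIT name-lists, the sample algorithm names and the UNWANTED policy are all assumptions.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex_algorithms", "server_host_key_algorithms", "encryption_c2s",
          "encryption_s2c", "mac_c2s", "mac_s2c", "compression_c2s",
          "compression_s2c", "languages_c2s", "languages_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Return {field: [algorithm, ...]} from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, offered = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"payload truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        offered[field] = raw.split(",") if raw else []
        offset += length
    return offered

def still_offered(offered: dict, unwanted: dict) -> dict:
    """Algorithms meant to be excluded that the server still advertises."""
    hits = {f: [n for n in offered.get(f, []) if n in names]
            for f, names in unwanted.items()}
    return {f: found for f, found in hits.items() if found}

def build_sample() -> bytes:
    """Constructed KEXINIT payload for the demo, not captured from a server."""
    lists = ["curve25519-sha256,diffie-hellman-group1-sha1", "rsa-sha2-512,ssh-rsa",
             "aes256-ctr,aes128-cbc", "aes256-ctr,aes128-cbc",
             "hmac-sha2-256,hmac-md5", "hmac-sha2-256,hmac-md5", "none", "none", "", ""]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie
    for item in lists:
        body += struct.pack(">I", len(item)) + item.encode("ascii")
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Assumed exclusion policy for the demo; substitute the names from your own lists.
UNWANTED = {"kex_algorithms": {"diffie-hellman-group1-sha1"},
            "server_host_key_algorithms": {"ssh-rsa"},
            "encryption_s2c": {"aes128-cbc"}, "mac_s2c": {"hmac-md5"}}

if __name__ == "__main__":
    for field, names in still_offered(parse_kexinit(build_sample()), UNWANTED).items():
        print(f"{field}: still offered -> {', '.join(names)}")
```

Pass parse_kexinit the payload of the server's first key-exchange packet, with the 4-byte packet length, the padding length byte and the trailing padding removed.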
Supported Values By Algorithm Type
Deprecated values are not loaded by default.
Algorithm Type | Values (loaded by default) | Deprecated (not loaded unless configured by name)
---|---|---
Cipher Algorithms | |
Key Exchange Algorithms | |
Message Authentication Codes (MAC) Algorithms | |
Signature Algorithms | |