Using Artifactory 5.x ?
JFrog Artifactory 5.x User Guide
Have a question? Want to report an issue?Contact JFrog support
Overview
From version 4.4, Artifactory supports SSH authentication for Git LFS and theJFrog CLIusing RSA public and private keys. This allows these tools to exchange sensitive information with the Artifactory server that is authenticated via SSH.
There are two main facets of SSH authentication:
Server authenticates itself to the client
你发送我之前必须经过身份验证服务器t any confidential data. For example, you should not authenticate a user to the server with the user's password before the server has been authenticated. The server is authenticated in the following manner.
When the SSH connection is established, the server sends its public key to the client, and the client matches the key to a list of known public keys stored in aknown_hosts
file.(Before the first ever connection to the server, you must obtain the server's public key by some other means and add it it to theknown_hosts
file manually). This verifies that the server is indeed the owner of the stored public key, since only that server will have the corresponding private key. It also verifies that the server is known (and not an imposter) since its public key is stored intheknown_hosts
file.
User authenticates itself to the server
This process mirrors the process of the server being authenticated to the client. The user must first provide their public key to the server which stores it in the user's account authorization list. Then, when the user tries to log in, the server sends the user back their public key, and the user must show that he holds the corresponding private key.
Limitation
SSH is not supported if usingArtifactory Saascloud service.
Configuring SSH
To configure SSH authentication, you need to execute the following main steps:
Configuring Server Authentication
In this step you will configure Artifactory's SSH authentication parameters. First you need to generate an SSH key pair for Artifactory. For example, on a Linux-based system, you could execute the following command:
ssh-keygen -t rsa -C "server@domain.com"
Then, to configure Artifactory for SSH authentication, in theAdminmodule, selectSecurity | SSH Serverand fill in the required fields.
Enable SSH Authentication |
When checked, SSH authentication is enabled |
Port |
The port that should be used for an SSH connection |
Custom URL Base |
TheCustom URL Basethat should be used for SSH connections. Note that this is the same Custom URL Base configured in theAdminmodule underConfiguration | General. |
Public key/Private key |
The key pair used for authentication |
Configuring User Authentication
首先,您需要生成一个密钥对。对于example, on a Linux-based system, you could execute the following command:
ssh-keygen -t rsa -C "USER@domain.com"
Your public and private keys should be created under the~/.ssh
folder.
Don't forget to update your public key
Update your public key under theSSHsection of your User Profile.
Configuring the Client
To configure your Git LFS client, please refer toAuthenticating with SSH.
To configure the JFrog CLI, please refer toAuthenticating with RSA Keys.