Securing your repository connection
About this page
This page shows how to secure your bamboo server to source repository connection.
Subversion
svn+ssh
In your build plan you must specify the absolute path to the repository when using svn+ssh, for example svn+ssh://<svnhost>/absolute/path/to/repository/root/your/module
Using a key pair
They key pair is shared between your bamboo agent box (the bamboo server box in case of local agents) and the repository server box. Your repository configuration allows you to specify the location of a private key file that must be stored on the agent box.
The key pair has to be in PKCS12/OpenSSH format and the private key must be passphrase protected, otherwise a runtime exception is thrown by JDK security engine while opening the user key.
Linux and related
- On the repository box generate the keypair
ssh-keygen -t rsa
- add public key to ~/.ssh/authorized_keys
cat id_rsa.pub >> ~/.ssh/authorized_keys
- copy the private key to all the agent boxes into a directory that is common to all agents (remote and local) e.g. /var/keys/ssh/id_rsa
For windows agents
Store the private key file in the same location on the drive that the agent is started from. For example you start your agent with
d:\bamboo-agent > java -jar atlassian-bamboo-agent-installer-xxx.jar ....
Then the key file must be in d:\var\keys\ssh\id_rsa
Windows
Private key should always be in OpenSSH format. On windows usually "putty" (plink) program is used that uses keys in its proprietary format
(PPK - putty private key), this format is not supported by bamboo. The PuttyGen program may be used on Windows to convert key in PPK format to
OpenSSH.
How to add the public key to the windows version of ~/.ssh/authorized_keys
<<<< comment needed
Trouble shooting
You can test the svn+ssh connection from the command line.
First you need to tell the svn command line client which key file to use:
$ export SVN_SSH="ssh -i /absolute/path/to/private/key"
Then you can test the connection with
$ svn list svn+ssh://<svn-server>/Absolute/Path/To/Repository/[Module]