About this page

This page shows how to secure your bamboo server to source repository connection.

Subversion

svn+ssh

In your build plan you must specify the absolute path to the repository when using svn+ssh, for example svn+ssh://<svnhost>/absolute/path/to/repository/root/your/module

Using a key pair

They key pair is shared between your bamboo agent box (the bamboo server box in case of local agents) and the repository server box. Your repository configuration allows you to specify the location of a private key file that must be stored on the agent box.

The key pair has to be in PKCS12/OpenSSH format and the private key must be passphrase protected, otherwise a runtime exception is thrown by JDK security engine while opening the user key.

Linux and related
  1. On the repository box generate the keypair
     ssh-keygen -t rsa 
  2. add public key to ~/.ssh/authorized_keys
     cat id_rsa.pub >> ~/.ssh/authorized_keys 
  3. copy the private key to all the agent boxes into a directory that is common to all agents (remote and local) e.g. /var/keys/ssh/id_rsa

For windows agents

Store the private key file in the same location on the drive that the agent is started from. For example you start your agent with

 d:\bamboo-agent > java -jar atlassian-bamboo-agent-installer-xxx.jar .... 

Then the key file must be in d:\var\keys\ssh\id_rsa

Windows

Private key should always be in OpenSSH format. On windows usually "putty" (plink) program is used that uses keys in its proprietary format
(PPK - putty private key), this format is not supported by bamboo. The PuttyGen program may be used on Windows to convert key in PPK format to
OpenSSH.

How to add the public key to the windows version of ~/.ssh/authorized_keys <<<< comment needed

Trouble shooting

You can test the svn+ssh connection from the command line.
First you need to tell the svn command line client which key file to use:

$ export SVN_SSH="ssh -i /absolute/path/to/private/key"

Then you can test the connection with

$ svn list svn+ssh://<svn-server>/Absolute/Path/To/Repository/[Module]