SSH Access

How you access HGKeeper over SSH will depend a lot on the run mode as well as how the server has been configured. However, there are some not so obvious things to HGKeeper that need to be addressed.

Remote URLs

Cloning, pushing, and pulling are going to be just like they are for any SSH based Mercurial hosting. Of course you will have to match the port number in your remote url to match.

If you're running HGKeeper in standalone mode with it's default port of 22222 you'll need to specify that port when cloning:

hg clone ssh://

If you're running HGKeeper behind OpenSSH in either on demand or reverse proxy mode, then you must specify the user name you have configured:

hg clone ssh://

Creating Repositories

HGKeeper's web interface is just hgweb, which means there is no way to create repositories from the web interface.

However, hg init, which we use to create repositores locally, also works on a remote. So to create a repository, assuming you have the init permission in the authorization policy, you can use the following command:

hg init ssh://

If this completes without displaying an error, you can now clone the brand new empty repository with the following command:

hg clone ssh://


As you may have imagined, integrating with OpenSSH can be somewhat difficult to get correct and even then there are some issues that crop up that may leave you stumped. This section aims to alleviate these issues.

Reverse Proxying

HGKeeper works like any other Mercurial service that is hosted over SSH. However, if you are running HGKeeper in reverse proxy mode with OpenSSH infront of it, you will need to use an SSH Agent and make sure that it is being forwarded when connecting to your server.

On Linux/BSD, you can easily do this by adding a host configuration to your ~/.ssh/config file. Be sure to replace hg and with your real values.

match User hg Host
    ForwardAgent yes

No Mutual Signature Algorithm

Recent releases of OpenSSH Server have disabled rsa signatures. If you are using an RSA based host key, you will need to add a section to your ~/.ssh/config to permit this. But please note, this is currently deprecated and is planned to be removed in the future, so this setting is just to keep you running while you work on migrating to a more secure host key.

match User hg Host
    PubkeyAcceptedKeyTypes ssh-rsa