Project

General

Profile

Idea #6617

Updated by Tom Clegg over 8 years ago

Background: When logged in to a shell node via SSH, you can access git repositories via SSH (like git@git.zzzzz.arvadosapi.com) by using agent forwarding. However, if you log in to a shell node via webshell, your options are: 
 * Create/store a private key on the shell node. This is a bad practice. 
 * Don't use SSH to authenticate to git repos when logged in via webshell. 

 The infrastructure is in place (pending #6619) to authenticate _via https_ using the arvados API token that is automatically added to your environment at login time. Of course, this only helps when you clone/push @https://git.zzzzz.arvadosapi.com/foo/bar.git@ -- but doc.arvados.org and Workbench's "Manage Account" page only suggest using the url @git@git.zzzzz.arvadosapi.com:foo/bar.git@. 

 Both docs and Workbench must be updated to present both options and provide guidance about when to use each. 
 * Clone with HTTPS if your ARVADOS_API_TOKEN env var is set (e.g., you're logged in to an Arvados shell VM). This is the best option for shell VMs even if you're logged in with SSH: it means "push" will work next time you log in, even if you log in with Webshell. 
 * Clone with SSH if you've added your SSH key to Arvados and it's available in your login session (e.g., you're cloning to your workstation). 

Back