You sometimes need to keep a repository closed to the public, yet permit some unattended access, e.g., for a machine that builds your software on each commit. For this, you can use a machine account.

A machine account is really just a group, usually with no members, but you can attach SSH keys to it. Machine accounts only ever use SSH.

Due to a problem with SVN over SSH, machine accounts won't be able to commit to Subversion repositories until this server upgrades to Subversion 1.9.5.

Whoever owns a group can modify its SSH keys. To create a machine account, first think about who will control it. If it's for a specific repository, that repository will usually have an administrator or owner group, which will double as the owner of the machine account. For Git repositories, you usually have a domain that controls it, and the domain has an owner, which can also own the machine account.

Don't use a self-owned group as a machine account. In order to edit its keys, you'd have to be a member of it. If you then add it to an authorization rule, it could limit your permissions, because you're a member.

Once you've identified the owning group, and you've created the key pair, follow these steps:

  1. Go to the page for the group that will own the machine account.

  2. Select the view Property.

  3. Enter the title for machine account. You should get a message telling you that the new group is due to expire, and giving a link to it.

  4. Follow the link to the new group.

  5. Select the view SSH keys.

  6. Upload the public key for the account.

  7. Go to the authorization rules for the repository or folder you want the machine account to access.

  8. Add the group, specifying its permissions. When you update, that should cancel the machine account's expiry.

Lancaster University
© School of Computing and Communications, Lancaster University – Disclaimer & copyright
Some images from PixelMixer