• via rsh/ssh, i.e., "rsh remote host bk bkd -e",
• via ssh as a login shell, and/or
• as a stand-alone daemon, i.e., "bk bkd -d".

BitMover recommends using ssh, since ssh provides a secure channel. The stand-alone daemon method has no security, other than the ability to run in read-only mode. If security is a requirement, use ssh to get to the daemon. The method used is determined by how the remote repository is referenced, as follows:

• host:pathname
  Uses ssh (by default) to access host, and starts a temporary bkd. If $BK_RSH is set, then bkd uses that to talk to the host (allows proxying). If no ssh is found then rsh is used.
• bk://host
  Connects to an existing bkd on the default bkd port. The bkd must be at the root of the repository.
• bk::/host/pathname
  Connects to an existing bkd on the default bkd port, changes to pathname, then runs command.
• bk://host:port
  Connects to an existing bkd on the specified port. The bkd must be at the root of the repository.
• bk://host:port/pathname
  Connects to an existing bkd on the specified port, changes to pathname, then runs the command.
• bk://user@host
  Connects to host using ssh, and assumes that bkd is the login shell. The home directory of user must be the root of the repository.
• bk://user@host/pathname
  Connects to host using ssh, and assumes that bkd is the login shell. Changes directories to the specified pathname, which may be relative to the home directory or an absolute pathname.

Anonymous Access

The most common use of the stand-alone daemon is for anonymous access to a repository. To provide read-only, anonymous access, you can run:

bk bkd -d -xpush

This will allow anyone to read (but not write) all repositories on the system running the daemon.

If you want to export a single repository, pick a port number, and do this:

cd /u/linux bk bkd -d -p5555 -xcd -xpush

This says to run in daemon mode, bind to port 5555, and disallow the "cd" and "push" commands. By disallowing the "cd" command, the daemon at port 5555 is tied to the repository in the current working directory (bkd needs to be run at the root of the repository). By disallowing the "push" command, the repository is protected from updates.

Clients would then get to this repository by using the BitKeeper URL of:

bk://host.domain:5555

i.e.,

$ bk clone bk://host.domain:5555 my_tree

If you want to have a repository which allows the world to read it, but restricts write access to a select few, you would use bkd to give out read only access, and tell people the BitKeeper URL for the foo project is:

bk://someplace.com:5000

For both read and write access that you want to give to a few trusted people, you would give them ssh access to a machine with a clone into which you allow pushes. Suppose your bk://someplace.com:5000 is really someplace.com:/home/bk/foo. You would then give your trusted friends a login on someplace.com and tell them the bk URL they want to use is someplace.com:/home/bk/foo, that is, they would say:

bk clone someplace.com:/home/bk/foo foo

When they then push back to that location, they will be prompted for an ssh password that allows them to push.