Using Kiln With SSH



Mercurial, Git, and TortoiseHg operations (e.g., clone, pull, and push) can use either the SSH or HTTP(S) server address.

If you have already configured SSH, you can find the SSH/HTTP toggle in the upper-right corner of a repository screen. It provides the exact Clone URL for TortoiseHg and Git for HTTP or SSH.


This article describes the steps you need to perform before using Kiln with SSH. 


Configuring SSH on Windows

  1. Install the Kiln Client Tools.

    • Use Pageant to communicate with Kiln via SSH; by default, Pageant is installed to the following directory C:\Program Files\TortoiseHg\. The latest version of Pageant can be obtained from the Download PuTTY page.

    • If you are running the Client Tools on Windows Server 2003 or an earlier version, update pageant.exe manually; PuTTY 0.60 (the version we ship) is not fully compatible with Windows Server 2003.

  2. Generate the client SSH key:

    • If you are using Mercurial:

      1. Create a new SSH-2 RSA key with PuTTYgen. We recommend using 2048-bit or 4096-bit keys.

      2. Add a passphrase and save the key as a private key in PuTTYgen. Also, you can add it to your Startup group so that the key will be loaded automatically when you log in.

      3. Double-click on the saved key to load it into Pageant. Pageant stays active in the background and automatically provides the loaded key to TortoiseHg and Mercurial.

    • If you are using Git:

      1. Create a new SSH-2 RSA key with PuTTYgen. We recommend using 2048-bit or 4096-bit keys.

      2. When you save your private key, choose Conversions > Export OpenSSH Key.

      3. Name the file id_rsa and put it in the .ssh folder (e.g., if the name of your Windows user is kiln, the path to your private key would be C:\Users\kiln\.ssh\id_rsa).

        Note: Since Git uses OpenSSH, you will not need to open Pageant to connect to your repositories via SSH. If you are using only Git, you will not need to worry about Pageant at all.
  3. Share your client key with Kiln:

    1. In PuTTYgen, copy the text from the Public key for pasting box.

    2. In Kiln, open the SSH Keys page from the top menu.

      Note: SSH can be disabled by your Kiln administrator. In this case, the SSH Keys page and SSH repository links will not be available.
    3. Click Add a New Key and paste the newly created public key.

    4. Click Save Key.


 Back to top

Configuring SSH on Mac and Unix

  1. Generate an SSH key:

    1. Open the terminal and run the following command:
      ssh-keygen -t rsa 

    2. Follow the instructions in the terminal.

      Note: We recommend using 2048-bit or 4096-bit keys.
  2. Share your SSH key with Kiln:

    1. In the terminal, run the command cat ~/.ssh/ and copy its output.

    2. From the top menu in Kiln, click on your avatar and select the SSH Keys option.

    3. Click Add a New Key and paste the public key.

Back to top


The SHA-256 hostfingerprint is:


Please add the fingerprint above to your mercurial.ini file, under [hostsecurity] as follows:


Known Issues

If you are accessing Kiln repositories via SSH for the first time, you may encounter a warning about the certificate with the following fingerprint:

  • On Linux/MacSHA256:GIfIWDp22YlxN7bjk35+fKlanjL2P7hm99f4DF3Ty6k

  • On Windowssha256:b6:e6:7e:86:91:84:29:b6:14:9c:23:57:1a:1d:27:67

Please note that this is the same fingerprint, but it is displayed in different formats. Hence, you can ignore this warning.

Back to top

Disabling IP Whitelisting

Please note that IP whitelisting is not compatible with SSH. Hence, make sure to delete all IP whitelists.
Back to top

Switching Protocols

  1. If you want to start pushing and pulling (via SSH) a repository that you cloned using HTTPS, open the file hgrc in the .hg folder (in the repository on your machine).

  2. Change the URL in the file to the following format (replace https:// with ssh://<your username>@):

    Old URL:
    [paths] default =

    New URL:
    [paths] default= ssh://
  3. Save the updated file.
    The SSH configuration is now complete.

Back to top