nightmorph 10/04/26 19:24:11

Modified: cvs-sshkeys.xml
Log:
remove dead keychain project, replace with link to /doc/en/keychain-guide.xml. also went through the whole doc and edited for GuideXML code standards

Revision Changes Path
1.6 xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.5&r2=1.6

Index: cvs-sshkeys.xml |
=================================================================== |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v |
retrieving revision 1.5 |
retrieving revision 1.6 |
diff -u -r1.5 -r1.6 |
--- cvs-sshkeys.xml 23 May 2008 02:48:37 -0000 1.5 |
+++ cvs-sshkeys.xml 26 Apr 2010 19:24:11 -0000 1.6 |
@@ -1,40 +1,48 @@ |
<?xml version='1.0' encoding="UTF-8"?> |
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
- |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
|
-<guide link = "/proj/en/infrastructure/cvs-sshkeys.xml"> |
+<guide> |
<title>SSH access to cvs.gentoo.org</title> |
+ |
<author title="Author"> |
- <mail link="swift@g.o">Sven Vermeulen</mail> |
+ <mail link="swift"/> |
</author> |
<author title="Author"> |
- <mail link="robbat2@g.o">Robin H. Johnson</mail> |
+ <mail link="robbat2"/> |
+</author> |
+<author title="Editor"> |
+ <mail link="nightmorph"/> |
</author> |
+ |
<abstract> |
This mini-guide explains on how to create and use ssh-keys, especially |
for use on cvs.gentoo.org. |
</abstract> |
-<version>1.1</version> |
-<date>2007/12/24</date> |
+ |
+<version>1.2</version> |
+<date>2010-04-26</date> |
|
<chapter> |
<title>SSH keys</title> |
<section> |
<title>Creating the SSH keys</title> |
<body> |
+ |
<p> |
First of all, be physically logged on to your own computer. Make sure |
that no-one will see you typing stuff in, since we are going to type in |
passphrases and such. So get your pepperspray and fight all untrusted |
entities until you are home alone. |
</p> |
+ |
<p> |
Now we are going to create our ssh keys, DSA keys to be exact. Log onto |
your computer as the user that you are going to be using when you want |
to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>: |
</p> |
-<pre caption = "Creating SSH keys"> |
+ |
+<pre caption="Creating SSH keys"> |
$ <i>ssh-keygen -t dsa</i> |
Generating public/private dsa key pair. |
Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment> |
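Review bot: the context under "Creating the SSH keys" still tells readers to run `ssh-keygen -t dsa`, even though this revision bumps the guide to version 1.2 dated 2010-04-26. ssh-keygen only generates 1024-bit DSA keys, so consider switching the instructions and the sample output to an RSA key with an explicit size, for example `ssh-keygen -t rsa -b 4096`. The abstract also keeps "explains on how to create", which an editing pass could change to "explains how to create".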
@@ -46,32 +54,39 @@ |
The key fingerprint is: |
85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra |
</pre> |
+ |
<note> |
Please be sure to set a strong passphrase on your private key. Ideally, |
this passphrase should be at least 8 characters and contain a mixture of |
letters, numbers and symbols. |
</note> |
+ |
<p> |
Now wasn't that easy? Let's see what we have created: |
</p> |
-<pre caption = "Created files"> |
+ |
+<pre caption="Created files"> |
# <i>ls ~/.ssh</i> |
id_dsa id_dsa.pub |
</pre> |
+ |
<p> |
You'll probably have more files than this, but the 2 files listed above |
are the ones that are really important. |
</p> |
+ |
<p> |
The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't |
distribute this amongst all people unless you want to get into a fight |
with drobbins (no, you don't want that). |
</p> |
+ |
<warn> |
If you have several (<e>trusted!</e>) hosts from which you want to |
connect to cvs.gentoo.org, you should copy <path>id_dsa</path> to the |
<path>~/.ssh</path> directories on those hosts. |
</warn> |
+ |
<p> |
The second file, <path>id_dsa.pub</path>, is your <e>public</e> key. |
Distribute this file amongst all hosts that you want to be able to |
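Review bot: the `<warn>` block in this hunk still advises copying the private key `id_dsa` into `~/.ssh` on every trusted host, and the change only adds blank lines around it. A key shared that way has to be replaced everywhere if any one of those hosts is compromised; suggest recommending a separate key pair per host instead, which the LDAP section already allows for by permitting multiple `sshPublicKey` attributes. The "Created files" listing also uses a `#` prompt where the other user-level commands use `$`.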
@@ -80,64 +95,84 @@ |
to your local host so you can connect to that one too if you have several |
boxes. |
</p> |
-<pre caption = "Adding the SSH key to the box"> |
+ |
+<pre caption="Adding the SSH key to the box"> |
$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i> |
</pre> |
+ |
</body> |
</section> |
<section> |
-<title>Installing your public key on a machine using LDAP authentication for SSH</title> |
+<title> |
+ Installing your public key on a machine using LDAP authentication for SSH |
+</title> |
<body> |
-<note>If you are a new developer, your recruiter will put your first SSH key |
-into LDAP, so that you can login. You can then add any additional SSH keys |
-yourself using the following procedure.</note> |
+ |
+<note> |
+If you are a new developer, your recruiter will put your first SSH key into |
+LDAP, so that you can login. You can then add any additional SSH keys yourself |
+using the following procedure. |
+</note> |
+ |
<p> |
For most of the Gentoo infrastructure, we use LDAP to distribute user |
information including SSH public keys. On these machines, |
<path>~/.ssh/authorized_keys</path> should generally not contain your key. |
</p> |
+ |
<p> |
Instead, you should place your public key into LDAP, using |
<path>perl_ldap</path>, or <path>ldapmodify</path> directly. |
The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP |
guide</uri> describes this in more detail. |
</p> |
-<pre caption = "Adding the SSH key with perl_ldap on dev.gentoo.org"> |
+ |
+<pre caption="Adding the SSH key with perl_ldap on dev.gentoo.org"> |
$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" <username></i> |
</pre> |
-<warn>Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!</warn> |
+ |
+<warn> |
+Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes! |
+</warn> |
+ |
</body> |
</section> |
<section> |
<title>Using keychain</title> |
<body> |
+ |
<p> |
Every time you want to log on to a remote host using SSH public key |
authentification, you will be asked to enter your passphrase. As much as |
-everybody likes typing, too much is sometimes too much. Luckily, |
-there is <c>keychain</c> to the rescue. There is an document on this |
-one <uri link="/proj/en/keychain.xml">here</uri>, |
-but I'll give you a quick introduction. |
+everybody likes typing, too much is sometimes too much. Luckily, there is |
+<c>keychain</c> to the rescue. There is an document on this one <uri |
+link="/doc/en/keychain-guide.xml">here</uri>, but I'll give you a quick |
+introduction. |
</p> |
+ |
<p> |
First, install <c>keychain</c>: |
</p> |
-<pre caption = "Installing keychain"> |
+ |
+<pre caption="Installing keychain"> |
# <i>emerge keychain</i> |
</pre> |
+ |
<p> |
-Now have keychain load up your private ssh key when you log on to your |
-local box. To do so, add the following to <path>~/.bash_profile</path>. |
-Again, this should be done on your <e>local</e> machine where you work |
-at the Gentoo CVS. |
+Now have keychain load up your private ssh key when you log on to your local |
+box. To do so, add the following to <path>~/.bash_profile</path>. Again, this |
+should be done on your <e>local</e> machine where you work at the Gentoo CVS. |
</p> |
-<pre caption = "Add this to .bash_profile"> |
+ |
+<pre caption="Add this to .bash_profile"> |
keychain ~/.ssh/id_dsa |
. .keychain/<comment>hostname</comment>-sh |
</pre> |
+ |
<p> |
Be sure to substitute <c>hostname</c> with your hostname. |
</p> |
+ |
</body> |
</section> |
</chapter> |
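Review bot: the re-wrapped `<warn>` about `sshPublicKey` keeps its whole text on one line well past 80 columns, while the `<note>` earlier in the same section was wrapped; wrap it the same way so the file matches the coding standard the log message refers to. The re-added keychain paragraph also still reads "There is an document on this one", and the context line above it has "authentification"; both are worth fixing while those lines are being touched. In the `.bash_profile` snippet, `. .keychain/hostname-sh` is a relative path that only resolves when the shell starts in the home directory, so consider `. ~/.keychain/hostname-sh`.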