| 1 |
nightmorph 10/04/26 19:24:11 |
| 2 |
|
| 3 |
Modified: cvs-sshkeys.xml |
| 4 |
Log: |
| 5 |
remove dead keychain project, replace with link to /doc/en/keychain-guide.xml. also went through the whole doc and edited for GuideXML code standards |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.6 xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.5&r2=1.6 |
| 13 |
|
| 14 |
Index: cvs-sshkeys.xml |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v |
| 17 |
retrieving revision 1.5 |
| 18 |
retrieving revision 1.6 |
| 19 |
diff -u -r1.5 -r1.6 |
| 20 |
--- cvs-sshkeys.xml 23 May 2008 02:48:37 -0000 1.5 |
| 21 |
+++ cvs-sshkeys.xml 26 Apr 2010 19:24:11 -0000 1.6 |
| 22 |
@@ -1,40 +1,48 @@ |
| 23 |
<?xml version='1.0' encoding="UTF-8"?> |
| 24 |
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> |
| 25 |
- |
| 26 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
| 27 |
|
| 28 |
-<guide link = "/proj/en/infrastructure/cvs-sshkeys.xml"> |
| 29 |
+<guide> |
| 30 |
<title>SSH access to cvs.gentoo.org</title> |
| 31 |
+ |
| 32 |
<author title="Author"> |
| 33 |
- <mail link="swift@g.o">Sven Vermeulen</mail> |
| 34 |
+ <mail link="swift"/> |
| 35 |
</author> |
| 36 |
<author title="Author"> |
| 37 |
- <mail link="robbat2@g.o">Robin H. Johnson</mail> |
| 38 |
+ <mail link="robbat2"/> |
| 39 |
+</author> |
| 40 |
+<author title="Editor"> |
| 41 |
+ <mail link="nightmorph"/> |
| 42 |
</author> |
| 43 |
+ |
| 44 |
<abstract> |
| 45 |
This mini-guide explains on how to create and use ssh-keys, especially |
| 46 |
for use on cvs.gentoo.org. |
| 47 |
</abstract> |
| 48 |
-<version>1.1</version> |
| 49 |
-<date>2007/12/24</date> |
| 50 |
+ |
| 51 |
+<version>1.2</version> |
| 52 |
+<date>2010-04-26</date> |
| 53 |
|
| 54 |
<chapter> |
| 55 |
<title>SSH keys</title> |
| 56 |
<section> |
| 57 |
<title>Creating the SSH keys</title> |
| 58 |
<body> |
| 59 |
+ |
| 60 |
<p> |
| 61 |
First of all, be physically logged on to your own computer. Make sure |
| 62 |
that no-one will see you typing stuff in, since we are going to type in |
| 63 |
passphrases and such. So get your pepperspray and fight all untrusted |
| 64 |
entities until you are home alone. |
| 65 |
</p> |
| 66 |
+ |
| 67 |
<p> |
| 68 |
Now we are going to create our ssh keys, DSA keys to be exact. Log onto |
| 69 |
your computer as the user that you are going to be using when you want |
| 70 |
to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>: |
| 71 |
</p> |
| 72 |
-<pre caption = "Creating SSH keys"> |
| 73 |
+ |
| 74 |
+<pre caption="Creating SSH keys"> |
| 75 |
$ <i>ssh-keygen -t dsa</i> |
| 76 |
Generating public/private dsa key pair. |
| 77 |
Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment> |
| 78 |
@@ -46,32 +54,39 @@ |
| 79 |
The key fingerprint is: |
| 80 |
85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra |
| 81 |
</pre> |
| 82 |
+ |
| 83 |
<note> |
| 84 |
Please be sure to set a strong passphrase on your private key. Ideally, |
| 85 |
this passphrase should be at least 8 characters and contain a mixture of |
| 86 |
letters, numbers and symbols. |
| 87 |
</note> |
| 88 |
+ |
| 89 |
<p> |
| 90 |
Now wasn't that easy? Let's see what we have created: |
| 91 |
</p> |
| 92 |
-<pre caption = "Created files"> |
| 93 |
+ |
| 94 |
+<pre caption="Created files"> |
| 95 |
# <i>ls ~/.ssh</i> |
| 96 |
id_dsa id_dsa.pub |
| 97 |
</pre> |
| 98 |
+ |
| 99 |
<p> |
| 100 |
You'll probably have more files than this, but the 2 files listed above |
| 101 |
are the ones that are really important. |
| 102 |
</p> |
| 103 |
+ |
| 104 |
<p> |
| 105 |
The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't |
| 106 |
distribute this amongst all people unless you want to get into a fight |
| 107 |
with drobbins (no, you don't want that). |
| 108 |
</p> |
| 109 |
+ |
| 110 |
<warn> |
| 111 |
If you have several (<e>trusted!</e>) hosts from which you want to |
| 112 |
connect to cvs.gentoo.org, you should copy <path>id_dsa</path> to the |
| 113 |
<path>~/.ssh</path> directories on those hosts. |
| 114 |
</warn> |
| 115 |
+ |
| 116 |
<p> |
| 117 |
The second file, <path>id_dsa.pub</path>, is your <e>public</e> key. |
| 118 |
Distribute this file amongst all hosts that you want to be able to |
| 119 |
@@ -80,64 +95,84 @@ |
| 120 |
to your local host so you can connect to that one too if you have several |
| 121 |
boxes. |
| 122 |
</p> |
| 123 |
-<pre caption = "Adding the SSH key to the box"> |
| 124 |
+ |
| 125 |
+<pre caption="Adding the SSH key to the box"> |
| 126 |
$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i> |
| 127 |
</pre> |
| 128 |
+ |
| 129 |
</body> |
| 130 |
</section> |
| 131 |
<section> |
| 132 |
-<title>Installing your public key on a machine using LDAP authentication for SSH</title> |
| 133 |
+<title> |
| 134 |
+ Installing your public key on a machine using LDAP authentication for SSH |
| 135 |
+</title> |
| 136 |
<body> |
| 137 |
-<note>If you are a new developer, your recruiter will put your first SSH key |
| 138 |
-into LDAP, so that you can login. You can then add any additional SSH keys |
| 139 |
-yourself using the following procedure.</note> |
| 140 |
+ |
| 141 |
+<note> |
| 142 |
+If you are a new developer, your recruiter will put your first SSH key into |
| 143 |
+LDAP, so that you can login. You can then add any additional SSH keys yourself |
| 144 |
+using the following procedure. |
| 145 |
+</note> |
| 146 |
+ |
| 147 |
<p> |
| 148 |
For most of the Gentoo infrastructure, we use LDAP to distribute user |
| 149 |
information including SSH public keys. On these machines, |
| 150 |
<path>~/.ssh/authorized_keys</path> should generally not contain your key. |
| 151 |
</p> |
| 152 |
+ |
| 153 |
<p> |
| 154 |
Instead, you should place your public key into LDAP, using |
| 155 |
<path>perl_ldap</path>, or <path>ldapmodify</path> directly. |
| 156 |
The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP |
| 157 |
guide</uri> describes this in more detail. |
| 158 |
</p> |
| 159 |
-<pre caption = "Adding the SSH key with perl_ldap on dev.gentoo.org"> |
| 160 |
+ |
| 161 |
+<pre caption="Adding the SSH key with perl_ldap on dev.gentoo.org"> |
| 162 |
$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" <username></i> |
| 163 |
</pre> |
| 164 |
-<warn>Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!</warn> |
| 165 |
+ |
| 166 |
+<warn> |
| 167 |
+Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes! |
| 168 |
+</warn> |
| 169 |
+ |
| 170 |
</body> |
| 171 |
</section> |
| 172 |
<section> |
| 173 |
<title>Using keychain</title> |
| 174 |
<body> |
| 175 |
+ |
| 176 |
<p> |
| 177 |
Every time you want to log on to a remote host using SSH public key |
| 178 |
authentification, you will be asked to enter your passphrase. As much as |
| 179 |
-everybody likes typing, too much is sometimes too much. Luckily, |
| 180 |
-there is <c>keychain</c> to the rescue. There is an document on this |
| 181 |
-one <uri link="/proj/en/keychain.xml">here</uri>, |
| 182 |
-but I'll give you a quick introduction. |
| 183 |
+everybody likes typing, too much is sometimes too much. Luckily, there is |
| 184 |
+<c>keychain</c> to the rescue. There is an document on this one <uri |
| 185 |
+link="/doc/en/keychain-guide.xml">here</uri>, but I'll give you a quick |
| 186 |
+introduction. |
| 187 |
</p> |
| 188 |
+ |
| 189 |
<p> |
| 190 |
First, install <c>keychain</c>: |
| 191 |
</p> |
| 192 |
-<pre caption = "Installing keychain"> |
| 193 |
+ |
| 194 |
+<pre caption="Installing keychain"> |
| 195 |
# <i>emerge keychain</i> |
| 196 |
</pre> |
| 197 |
+ |
| 198 |
<p> |
| 199 |
-Now have keychain load up your private ssh key when you log on to your |
| 200 |
-local box. To do so, add the following to <path>~/.bash_profile</path>. |
| 201 |
-Again, this should be done on your <e>local</e> machine where you work |
| 202 |
-at the Gentoo CVS. |
| 203 |
+Now have keychain load up your private ssh key when you log on to your local |
| 204 |
+box. To do so, add the following to <path>~/.bash_profile</path>. Again, this |
| 205 |
+should be done on your <e>local</e> machine where you work at the Gentoo CVS. |
| 206 |
</p> |
| 207 |
-<pre caption = "Add this to .bash_profile"> |
| 208 |
+ |
| 209 |
+<pre caption="Add this to .bash_profile"> |
| 210 |
keychain ~/.ssh/id_dsa |
| 211 |
. .keychain/<comment>hostname</comment>-sh |
| 212 |
</pre> |
| 213 |
+ |
| 214 |
<p> |
| 215 |
Be sure to substitute <c>hostname</c> with your hostname. |
| 216 |
</p> |
| 217 |
+ |
| 218 |
</body> |
| 219 |
</section> |
| 220 |
</chapter> |
Archives