1 |
chiguire 09/10/26 20:37:41 |
2 |
|
3 |
Added: index.xml |
4 |
Log: |
5 |
#290031, new spanish translation (jose maria alonso) |
6 |
|
7 |
Revision Changes Path |
8 |
1.1 xml/htdocs/proj/es/keychain/index.xml |
9 |
|
10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/es/keychain/index.xml?rev=1.1&view=markup |
11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/es/keychain/index.xml?rev=1.1&content-type=text/plain |
12 |
|
13 |
Index: index.xml |
14 |
=================================================================== |
15 |
<?xml version='1.0' encoding="utf-8"?> |
16 |
|
17 |
|
18 |
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/es/keychain/index.xml,v 1.1 2009/10/26 20:37:40 chiguire Exp $ --> |
19 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
20 |
|
21 |
<guide link="/proj/es/keychain.xml" lang="es"> |
22 |
<title>Keychain</title> |
23 |
|
24 |
<author title="Autor original"> |
25 |
<mail link="drobbins@g.o">Daniel Robbins</mail> |
26 |
</author> |
27 |
<author title="Mantenedor actual"> |
28 |
<mail link="agriffis@×××××.net">Aron Griffis</mail> |
29 |
</author> |
30 |
<author title="Traductor"> |
31 |
<mail link="gentoo@××××××.org">José María Alonso</mail> |
32 |
</author> |
33 |
|
34 |
<abstract> |
35 |
Esta página contiene información acerca de Keychain, una aplicación de |
36 |
gestión de claves RSA/DSA OpenSSH y compatibles con SSH2 comercial. |
37 |
</abstract> |
38 |
|
39 |
<version>2.6.8</version> |
40 |
<date>24 Oct 2006</date> |
41 |
|
42 |
<chapter> |
43 |
<title>Introducción</title> |
44 |
<section> |
45 |
<body> |
46 |
|
47 |
<p> |
48 |
Muchos de nosotros usamos el excelente <uri |
49 |
link="http://www.openssh.com/">OpenSSH</uri> como un reemplazo seguro y |
50 |
encriptado de los venerables comandos telnet y rsh. Una de las |
51 |
características intrigantes de OpenSSH (y del SSH2 comercial) es su |
52 |
habilidad para autenticar usuarios mediante los protocolos de autenticación |
53 |
RSA y DSA que están basados en dos "claves" numéricas y |
54 |
complementarias. Además, uno de los mayores atractivos de la autenticación |
55 |
RSA y DSA es la promesa de ofrecer la capacidad de establecer conexiones con |
56 |
sistemas remotos <e>sin necesidad de ofrecer una contraseña</e>. El script |
57 |
<c>keychain</c> hace que el manejo de las claves RSA DSA sea a la vez |
58 |
adecuado y seguro. Actúa como front-end de <c>ssh-agent</c>, permitiéndole |
59 |
mantener en ejecución durante un largo periodo de tiempo un proceso |
60 |
<c>ssh-agent</c> <e>para todo el sistema</e>, en lugar de tener uno para |
61 |
cada sesión de login. Esto reduce dramáticamente el número de veces que |
62 |
necesita introducir su clave de una, cada nueva sesión de login, a una |
63 |
<e>cada vez que su máquina es reiniciada.</e> |
64 |
</p> |
65 |
|
66 |
<p> |
67 |
<c>Keychain</c> fue presentado por primera vez en una serie de artículos de |
68 |
<uri link="http://www.ibm.com/developerworks">IBM developerWorks</uri>. El |
69 |
primer <uri |
70 |
link="http://www-106.ibm.com/developerworks/linux/library/l-keyc.html"> |
71 |
artículo</uri> presenta una serie de conceptos detrás de la autenticación |
72 |
RSA/DSA y le muestra como implantar una autenticación básica (con |
73 |
contraseña). El <uri |
74 |
link="http://www-106.ibm.com/developerworks/linux/library/l-keyc2/"> segundo |
75 |
artículo</uri> le muestra como usar <c>keychain</c> para implantar un acceso |
76 |
<c>ssh</c> <e>sin contraseña</e> de una forma muy adecuada. <c>keychain</c> |
77 |
también ofrece una forma segura y limpia para que los trabajos <c>cron</c> |
78 |
tomen las ventajas de las claves RSA/DSA keys sin necesidad de usar claves |
79 |
inseguras, sin encriptar o privadas. <uri |
80 |
link="http://www-106.ibm.com/developerworks/linux/library/l-keyc3/">El |
81 |
tercer artículo</uri> le muestra como usar el mecanismo de reenvío de |
82 |
autenticación de <c>ssh-agent</c>. |
83 |
</p> |
84 |
|
85 |
<p> |
86 |
Las versiones actuales de <c>keychain</c> funcionan en Linux, BSD, <uri |
87 |
link="http://cygwin.com/">Cygwin</uri>, <uri |
88 |
link="http://h30097.www3.hp.com/">Tru64 UNIX</uri>, <uri |
89 |
link="http://www.hp.com/products1/unix/operating/">HP-UX</uri>, <uri |
90 |
link="http://www.apple.com/macosx/">Mac OS X</uri>, y <uri |
91 |
link="http://wwws.sun.com/software/solaris/index.html">Solaris</uri> usando |
92 |
la variante del Bourne shell que esté disponible en cada uno. |
93 |
</p> |
94 |
|
95 |
</body> |
96 |
</section> |
97 |
</chapter> |
98 |
|
99 |
<chapter> |
100 |
<title>Captura de pantalla</title> |
101 |
<section> |
102 |
<body> |
103 |
|
104 |
<figure link="keychain-ss.png" caption="Keychain en acción" /> |
105 |
<p> |
106 |
Arriba, agriffis ejecuta <c>keychain</c>, el cual ejecuta a su vez ssh-agent |
107 |
y carga id_dsa. A continuación agriffis ejecuta un comando source de las |
108 |
variables en el entorno y hace login en <c>dev.gentoo.org</c>. Normalmente |
109 |
<c>keychain</c> (y la consiguiente carga del entorno) deberían ser |
110 |
ejecutados desde los ficheros de inicialización del shell. Su invocación se |
111 |
muestra aquí. |
112 |
</p> |
113 |
|
114 |
<figure link="keychain-ss2.png" caption="Más acciones de keychain" /> |
115 |
<p> |
116 |
En esta ocasión cuando agriffis ejecuta <c>keychain</c>, se encuentra un |
117 |
ssh-agent que está corriendo y éste es usado. No es necesario cargar id_dsa |
118 |
por segunda vez. Ahora agriffis hace un comando source de las variables en |
119 |
el entorno y hace login en <c>dev.gentoo.org</c>. De nuevo, <c>keychain</c> |
120 |
(y la consiguiente carga del entorno) deberían ser ejecutados desde los |
121 |
ficheros de inicialización del shell. Su invocación se muestra aquí. |
122 |
</p> |
123 |
|
124 |
</body> |
125 |
</section> |
126 |
</chapter> |
127 |
|
128 |
<chapter> |
129 |
<title>Descarga e instalación</title> |
130 |
<section> |
131 |
<title>Gentoo Linux</title> |
132 |
<body> |
133 |
|
134 |
<p> |
135 |
La instalación en Gentoo es fácil, simplemente haga emerge. ¡Por supuesto! |
136 |
</p> |
137 |
|
138 |
<pre caption="Inicialización de keychain en Gentoo"> |
139 |
<comment>(Instalar keychain)</comment> |
140 |
# emerge keychain -pv |
141 |
# emerge keychain |
142 |
<comment>(Leer la ayuda)</comment> |
143 |
# keychain --help |
144 |
</pre> |
145 |
|
146 |
</body> |
147 |
</section> |
148 |
<section> |
149 |
<title>Red Hat y otras distribuciones basadas en RPM</title> |
150 |
<body> |
151 |
|
152 |
<p> |
153 |
Descargue último paquete rpm desde <uri |
154 |
link="http://agriffis.n01se.net/keychain/" |
155 |
>http://agriffis.n01se.net/keychain/</uri>. Después de descargarlo, ejecute |
156 |
estos comandos (como root) para instalar la clave GPG pública usada para |
157 |
firmar el RPM, entonces puede verificar el RPM e instalarlo: |
158 |
</p> |
159 |
|
160 |
<pre caption="Instalación del RPM de keychain"> |
161 |
<comment>(Obtenga la clave pública usada para firmar los rpms)</comment> |
162 |
# <i>gpg --keyserver subkeys.pgp.net --recv-key 20104eb0</i> |
163 |
<comment>(Verifique la huella dactilar del la clave obtenida)</comment> |
164 |
# <i>gpg --fingerprint 20104eb0</i> |
165 |
pub 1024D/20104EB0 2003-09-28 Aron Griffis <agriffis@×××××.net> |
166 |
Key fingerprint = E3B6 8734 C2D6 B5E5 AE76 FB3A 26B1 C5E3 2010 4EB0 |
167 |
sub 1024g/A2D963E7 2003-09-28 |
168 |
<comment>(Importe la clave al anillo de claves de rpm)</comment> |
169 |
# <i>gpg --export --armor 20104eb0 > /tmp/20104eb0.pub</i> |
170 |
# <i>rpm --import /tmp/20104eb0.pub</i> |
171 |
# <i>rm /tmp/20104eb0.pub</i> |
172 |
<comment>(Compruebe el rpm; tamto el md5 como el gpg deberían ser correctos) </comment> |
173 |
# <i>rpm -K keychain-2.6.8-1.noarch.rpm</i> |
174 |
<comment>(Instale el rpm)</comment> |
175 |
# <i>rpm -Uvh keychain-2.6.8-1.noarch.rpm</i> |
176 |
</pre> |
177 |
|
178 |
<note> |
179 |
Si su cortaguegos bloquea las conexiones GPG al servidor de claves, puede |
180 |
instalar la clave GPG manualmente ejecutando <c>wget -O - |
181 |
http://agriffis.n01se.net/gpg-pubkey-20104eb0.asc | gpg --import</c> |
182 |
</note> |
183 |
|
184 |
<p> |
185 |
Finalmente, con un usuario normal, ejecute <c>keychain --help</c> para las |
186 |
instrucciones de configuración. |
187 |
</p> |
188 |
|
189 |
</body> |
190 |
</section> |
191 |
<section> |
192 |
<title>Fuentes</title> |
193 |
<body> |
194 |
|
195 |
<p> |
196 |
Se pueden encontrar tarballs de <c>keychain</c> en <uri |
197 |
link="http://agriffis.n01se.net/keychain/" |
198 |
>http://agriffis.n01se.net/keychain/</uri>. |
199 |
</p> |
200 |
|
201 |
</body> |
202 |
</section> |
203 |
</chapter> |
204 |
|
205 |
<chapter> |
206 |
<title>Registro de cambios</title> |
207 |
<section> |
208 |
<body> |
209 |
|
210 |
<pre caption="Registro de cambios de keychain"> |
211 |
<!-- begin automatic ChangeLog insertion |
212 |
end automatic ChangeLog insertion --> |
213 |
* keychain 2.6.8 (24 Oct 2006) |
214 |
|
215 |
24 Oct 2006; Aron Griffis <agriffis@g.o>: |
216 |
Save LC_ALL for gpg invocation so that pinentry-curses works. This affected |
217 |
peper and kloeri, though it seems to work for me in any case. |
218 |
|
219 |
* keychain 2.6.7 (24 Oct 2006) |
220 |
|
221 |
24 Oct 2006; Aron Griffis <agriffis@g.o>: |
222 |
Prevent gpg_listmissing from accidentally loading keys |
223 |
|
224 |
* keychain 2.6.6 (08 Sep 2006) |
225 |
|
226 |
08 Sep 2006; Aron Griffis <agriffis@g.o>: |
227 |
Make --lockwait -1 mean forever. Previously 0 meant forever but was |
228 |
undocumented. Add more locking regression tests #137981 |
229 |
|
230 |
* keychain 2.6.5 (08 Sep 2006) |
231 |
|
232 |
08 Sep 2006; Aron Griffis <agriffis@g.o>: |
233 |
Break out of loop when empty lockfile can't be removed #127471. Add locking |
234 |
regression tests: |
235 |
100_lock_stale 101_lock_held 102_lock_empty 103_lock_empty_cant_remove |
236 |
|
237 |
* keychain 2.6.4 (08 Sep 2006) |
238 |
|
239 |
08 Sep 2006; Aron Griffis <agriffis@g.o>: |
240 |
Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be |
241 |
validated from startagent rather than up front. The advantage is that warning |
242 |
messages aren't emitted unnecessarily when --inherit *-once. |
243 |
Fix --eval for fish, and add new testcases: |
244 |
053_start_with_--eval_ksh |
245 |
054_start_with_--eval_fish |
246 |
055_start_with_--eval_csh |
247 |
|
248 |
* keychain 2.6.3 (07 Sep 2006) |
249 |
|
250 |
07 Sep 2006; Aron Griffis <agriffis@g.o>: |
251 |
Support fish: http://roo.no-ip.org/fish/ |
252 |
Thanks to Ilkka Poutanen for the patch. |
253 |
|
254 |
* keychain 2.6.2 (20 Mar 2006) |
255 |
|
256 |
20 Mar 2006; Aron Griffis <agriffis@g.o>: |
257 |
Add --confirm option and corresponding regression tests for Debian bug 296382. |
258 |
Thanks to Liyang HU for the patch. Also add initialization for $ssh_timeout |
259 |
which was being inherited from the environment and add regression tests for |
260 |
--timeout |
261 |
|
262 |
* keychain 2.6.1 (10 Oct 2005) |
263 |
|
264 |
10 Oct 2005; Aron Griffis <agriffis@g.o>: |
265 |
Change "unset evalopt" to "evalopt=false" and run through *all* the regression |
266 |
tests instead of just the new ones. *sigh* |
267 |
|
268 |
* keychain 2.6.0 (10 Oct 2005) |
269 |
|
270 |
10 Oct 2005; Aron Griffis <agriffis@g.o>: |
271 |
Add the --eval option which makes keychain startup easier. See the man-page |
272 |
for examples. Get rid of the release notes from README, so now this file is |
273 |
where changes are tracked. |
274 |
|
275 |
* keychain 2.5.5 (28 Jul 2005) |
276 |
|
277 |
28 Jul 2005; Aron Griffis <agriffis@g.o>: |
278 |
Add the --env option and automatic reading of .keychain/env. This allows |
279 |
variables such as PATH to be overridden for peculiar environments |
280 |
|
281 |
* keychain 2.5.4.1 (11 May 2005) |
282 |
|
283 |
11 May 2005; Aron Griffis <agriffis@g.o>: |
284 |
A minor bug in 2.5.4 resulted in always exiting with non-zero status. Change |
285 |
back to the correct behavior of zero for success, non-zero for failure |
286 |
|
287 |
* keychain 2.5.4 (11 May 2005) |
288 |
|
289 |
11 May 2005; Aron Griffis <agriffis@g.o>: |
290 |
Fix bug 92316: If any locale variables are set, override them with LC_ALL=C. |
291 |
This fixes a multibyte issue with awk that could keep a running ssh-agent from |
292 |
being found. |
293 |
Fix bug 87340: Use files instead of symlinks for locking, since symlink |
294 |
creation is not atomic on cygwin. |
295 |
|
296 |
* keychain 2.5.3.1 (10 Mar 2005) |
297 |
|
298 |
10 Mar 2005; Aron Griffis <agriffis@g.o>: |
299 |
Fix problem introduced in 2.5.3 wrt adding gpg keys to the agent. Thanks |
300 |
to Azarah for spotting it. |
301 |
|
302 |
* keychain 2.5.3 (09 Mar 2005) |
303 |
|
304 |
09 Mar 2005; Aron Griffis <agriffis@g.o>: |
305 |
Improve handling of DISPLAY by unsetting if blank. Call gpg with |
306 |
--use-agent explicitly. |
307 |
|
308 |
* keychain 2.5.2 (06 Mar 2005) |
309 |
|
310 |
06 Mar 2005; Aron Griffis <agriffis@g.o>: |
311 |
Fix bug 78974 "keychain errors on Big/IP (x86 BSD variant)" by refraining |
312 |
from using ! in conditional expressions. Fix RSA fingerprint extraction |
313 |
on Solaris, reported in email by Travis Fitch. Use $HOSTNAME when |
314 |
possible instead of calling uname -n to improve bash_profile |
315 |
compatibility. |
316 |
|
317 |
* keychain 2.5.1 (12 Jan 2005) |
318 |
|
319 |
12 Jan 2005; Aron Griffis <agriffis@g.o>: |
320 |
Don't accidentally inherit a forwarded agent when |
321 |
inheritwhich=local-once. Move the --stop warning after the version |
322 |
splash. |
323 |
|
324 |
* keychain 2.5.0 (07 Jan 2005) |
325 |
|
326 |
07 Jan 2005; Aron Griffis <agriffis@g.o>: |
327 |
Add inheritance support via --inherit. Add parameters to --stop for |
328 |
more control. Change the default behavior of keychain to inherit if |
329 |
there's no keychain agent running ("--inherit local-once"), and |
330 |
refrain from killing other agents unless "--stop others" is |
331 |
specified. |
332 |
|
333 |
* keychain 2.4.3 (17 Nov 2004) |
334 |
|
335 |
17 Nov 2004; Aron Griffis <agriffis@g.o>: |
336 |
Fix bug 69879: Update findpids to work again on BSD; it has been |
337 |
broken since the changes in version 2.4.2. Now we use OSTYPE (bash) |
338 |
or uname to determine the system type and call ps appropriately. |
339 |
|
340 |
* keychain 2.4.2.1 (30 Sep 2004) |
341 |
|
342 |
30 Sep 2004; Aron Griffis <agriffis@g.o>: |
343 |
Fix minor issues in the test for existing gpg keys wrt DISPLAY |
344 |
|
345 |
* keychain 2.4.2 (29 Sep 2004) |
346 |
|
347 |
29 Sep 2004; Aron Griffis <agriffis@g.o>: |
348 |
Make gpg support more complete. Allow adding keys, clearing the |
349 |
agent, etc. Fix --quick support to work properly again; it was |
350 |
broken since 2.4.0. Change default --attempts to 1 since the progs |
351 |
ask multiple times anyway. |
352 |
|
353 |
* keychain 2.4.1 (22 Sep 2004) |
354 |
|
355 |
22 Sep 2004; Aron Griffis <agriffis@g.o>: |
356 |
Fix bugs 64174 and 64178; support Sun SSH, which is really OpenSSH |
357 |
in disguise and a few critical outputs changed. Thanks to Nathan |
358 |
Bardsley for lots of help debugging on Solaris 9 |
359 |
|
360 |
15 Sep 2004; Aron Griffis <agriffis@g.o>: |
361 |
Fix pod2man output so it formats properly on SGI systems. Thanks to |
362 |
Matthew Moore for reporting the problem. |
363 |
|
364 |
* keychain 2.4.0 (09 Sep 2004) |
365 |
|
366 |
09 Sep 2004; Aron Griffis <agriffis@g.o>: |
367 |
Fix bug 26970 with first pass at gpg-agent support |
368 |
|
369 |
Fix Debian bug 269722; don't filter output of ssh-add |
370 |
|
371 |
Fix bug reported by Marko Myllynen regarding keychain and Solaris |
372 |
awk's inability to process -F'[ :]' |
373 |
|
374 |
Fix bug in now_seconds calculation, noticed by me. |
375 |
|
376 |
* keychain 2.3.5 (28 Jul 2004) |
377 |
|
378 |
28 Jul 2004; Aron Griffis <agriffis@g.o>: |
379 |
Fix bug 58623 with patch from Daniel Westermann-Clark; don't put an |
380 |
extra newline in the output of listmissing |
381 |
|
382 |
Generate keychain.spec from keychain.spec.in automatically so that |
383 |
the version can be set appropriately. |
384 |
|
385 |
* keychain 2.3.4 (24 Jul 2004) |
386 |
|
387 |
24 Jul 2004; Aron Griffis <agriffis@g.o>: |
388 |
Fix bug 28599 reported by Bruno Pelaia; ignore defunct processes in |
389 |
ps output |
390 |
|
391 |
* keychain 2.3.3 (30 Jun 2004) |
392 |
|
393 |
30 Jun 2004; Aron Griffis <agriffis@g.o>: |
394 |
Fix bug reported by Matthew S. Moore in email; escape the backticks |
395 |
in --help output |
396 |
|
397 |
Fix bug reported by Herbie Ong in email; set pidf, cshpidf and lockf |
398 |
variables after parsing command-line to honor --dir setting |
399 |
|
400 |
Fix bug reported by Stephan Stahl in email; make spaces in filenames |
401 |
work throughout keychain, even in pure Bourne shell |
402 |
|
403 |
Fix operation on HP-UX with older OpenSSH by interpreting output of |
404 |
ssh-add as well as the error status |
405 |
|
406 |
* keychain 2.3.2 (16 Jun 2004) |
407 |
|
408 |
16 Jun 2004; Aron Griffis <agriffis@g.o>: |
409 |
Fix bug 53837 (keychain needs ssh-askpass) by unsetting SSH_ASKPASS |
410 |
when --nogui is specified |
411 |
|
412 |
* keychain 2.3.1 (03 Jun 2004) |
413 |
|
414 |
03 Jun 2004; Aron Griffis <agriffis@g.o>: |
415 |
Fix bug 52874: problems when the user is running csh |
416 |
|
417 |
* keychain 2.3.0 (14 May 2004) |
418 |
|
419 |
14 May 2004; Aron Griffis <agriffis@g.o>: |
420 |
Rewrite the locking code to avoid procmail |
421 |
|
422 |
* keychain 2.2.2 (03 May 2004) |
423 |
|
424 |
03 May 2004; Aron Griffis <agriffis@g.o>: |
425 |
Call loadagent prior to generating HOSTNAME-csh file so that |
426 |
variables are set. |
427 |
|
428 |
* keychain 2.2.1 (27 Apr 2004) |
429 |
|
430 |
27 Apr 2004; Aron Griffis <agriffis@g.o>: |
431 |
Find running ssh-agent processes by searching for /[s]sh-agen/ |
432 |
instead of /[s]sh-agent/ for the sake of Solaris, which cuts off ps |
433 |
-u output at 8 characters. Thanks to Clay England for reporting the |
434 |
problem and testing the fix. |
435 |
|
436 |
* keychain 2.2.0 (21 Apr 2004) |
437 |
|
438 |
21 Apr 2004; Aron Griffis <agriffis@g.o>: |
439 |
Rewrote most of the code, organized into functions, fixed speed |
440 |
issues involving ps, fixed compatibility issues for various UNIXes, |
441 |
hopefully didn't introduce too many bugs. This version has a |
442 |
--quick option (for me) and a --timeout option (for carpaski). |
443 |
|
444 |
Also added a Makefile and converted the man-page to pod for easier |
445 |
editing. See perlpod(1) for information on the format. Note that |
446 |
the pod is sucked into keychain and colorized when you run make. |
447 |
|
448 |
* keychain 2.0.3 (06 Apr 2003) |
449 |
|
450 |
06 Apr 2003; Seth Chandler <sethbc@g.o>: |
451 |
Added keychain man page, fixed bugs with displaying colors for keychain |
452 |
--help. Also added a $grepopts to fix the grepping for a pid on cygwin |
453 |
Also added a TODO document |
454 |
color fix based on submission by Luke Holden <email@×××××××××.org> |
455 |
|
456 |
* keychain 2.0.2 (26 Aug 2002) |
457 |
|
458 |
26 Aug 2002; the Tru64 fix didn't work; it was being caused by "trap - foo" |
459 |
rather than "tail +2 -". Now really fixed. |
460 |
|
461 |
26 Aug 2002; fixed "ssh-add" call to only redirect stdin (thus enabling |
462 |
ssh-askpass) if ssh_askpass happens to be set; this is to work around a bug |
463 |
in openssh were redirecting stdin will enable ssh-askpass even if ssh_askpass |
464 |
isn't set, which contradicts the openssh 3.4_p1 man page. to enable |
465 |
ssh-askpass, keychain now requires that the ssh_askpass var be set to point |
466 |
to your askpass program. |
467 |
|
468 |
* keychain 2.0.1 (24 Aug 2002) |
469 |
|
470 |
24 Aug 2002; "--help" fixes; the keychain files were listed as sh-${HOSTNAME} |
471 |
rather than ${HOSTNAME}-sh. Now consistent with the actual program. Thanks to |
472 |
Christian Plessl <plessl@×××××××××××.ch>, others for reporting this issue. |
473 |
|
474 |
24 Aug 2002; cycloon <cycloon@××××××××.org>: "If you add < /dev/null when |
475 |
adding the missingkeys via "ssh-add ${missingkeys}" (at line 454 of version |
476 |
2.0) so that it reads: "ssh-add ${missingkeys} < /dev/null" then users can |
477 |
use program like x11-ssh-askpass in xfree to type in their passphrase. It |
478 |
then still works for users on shell, depending if $DISPLAY is set." Added. |
479 |
|
480 |
24 Aug 2002; A fix to calling "tail" that *should* fix things for Tru64 Unix; |
481 |
unfortunately, I have no way to test but the solution should be portable to |
482 |
all other flavors of systems. Thanks to Mark Scarborough |
483 |
<Mark.Scarborough@×××××××××.com> for reporting the issue. |
484 |
|
485 |
24 Aug 2002; Changed around the psopts detection stuff so that "-x -u $me f" |
486 |
is used; this is needed on MacOS X. Thanks to Brian Bergstrand |
487 |
<brian@×××××××××××××××.net>, others for reporting this issue. |
488 |
|
489 |
* keychain 2.0 (17 Aug 2002) |
490 |
|
491 |
17 Aug 2002; (Many submitters): A fix for keychain when running on HP-UX |
492 |
10.20. |
493 |
|
494 |
17 Aug 2002; Patrice DUMAS - DOCT <dumas@××××××××××××.fr>: Now perform help |
495 |
early on to avoid unnecessary processing. Also added --dir option to allow |
496 |
keychain to look in an alternate location for the .keychain directory (use |
497 |
like this: "keychain --dir /var/foo") |
498 |
|
499 |
17 Aug 2002; Martial MICHEL <martial@×××××××××××××××××.net>: Martial also |
500 |
suggested moving help processing to earlier in the script. He also submitted |
501 |
a patch to place .ssh-agent-* files in a ~/.keychain/ directory, which makes |
502 |
sense particularly for NFS users so I integrated the concept into the code. |
503 |
|
504 |
17 Aug 2002; Fred Carter <fred.carter@××××××××××.com>: Cygwin fix to use |
505 |
proper "ps" options. |
506 |
|
507 |
17 Aug 2002; Adrian Howard <adrianh@××××××××××.com>: patch so that lockfile |
508 |
gets removed even if --noask is specified. |
509 |
|
510 |
17 Aug 2002; Mario Wolff <wolff@××××××××××.de>: Replaced an awk dependency |
511 |
with a shell construct for improved performance. |
512 |
|
513 |
17 Aug 2002; Marcus Stoegbauer <marcus@×××××.org>, Dmitry Frolov |
514 |
<frolov@××××××××××××.ru>: I (Daniel Robbins) solved problems reported by |
515 |
Marcus and Dmitry (mis-parsed command line issues) by following Dmitry's good |
516 |
suggestion of performing argument parsing all at once at the top of the |
517 |
script. |
518 |
|
519 |
17 Aug 2002; Brian W. Curry <truth@××××××××××.net>: Added commercial SSH2 |
520 |
client support; improved output readability by initializing myfail=0; |
521 |
integrated Cygwin support into the main keychain script; improved Cygwin |
522 |
support by setting "trap" appropriately. Thanks Brian! |
523 |
|
524 |
* keychain 1.9 (04 Mar 2002) |
525 |
|
526 |
04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2". |
527 |
|
528 |
04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to |
529 |
follow this pattern and start building separate, optimized scripts for each |
530 |
platform so they don't get too sluggish. Maybe I could use a C preprocessor |
531 |
for this. |
532 |
|
533 |
06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched |
534 |
to '-f' |
535 |
|
536 |
* keychain 1.8 (29 Nov 2001) |
537 |
|
538 |
29 Nov 2001; Philip Hallstrom (philip@×××××××××××××.com) Added a "--local" |
539 |
option for removing the ${HOSTNAME} from the various files that keychain |
540 |
creates. Handy for non-NFS users. |
541 |
|
542 |
29 Nov 2001; Aron Griffis (agriffis@g.o) Using the Bourne shell "type" |
543 |
builtin rather than using the external "which" command. Should make things a |
544 |
lot more robust and slightly faster. |
545 |
|
546 |
09 Nov 2001; Mike Briseno (mike@×××××.com) Solaris' "which" command outputs |
547 |
"no lockfile in..." to stdout rather than stderr. A one-line fix (test the |
548 |
error condition) has been applied. |
549 |
|
550 |
09 Nov 2001; lockfile settings tweak |
551 |
|
552 |
09 Nov 2001; Rewrote how keychain detects failed passphrase attempts. If you |
553 |
stop making progress providing valid passphrases, it's three strikes and |
554 |
you're out. |
555 |
|
556 |
09 Nov 2001; Constantine P. Sapuntzakis (csapuntz@××××××××.edu) Some private |
557 |
keys can't be "ssh-keygen -l -f"'d; this patch causes keychain to look for |
558 |
the corresponding public key if the private key doesn't work. Thanks |
559 |
Constantine! |
560 |
|
561 |
09 Nov 2001; Victor Leitman (vleitman@×××××.com) CYAN color misdefined; |
562 |
fixed. |
563 |
|
564 |
27 Oct 2001; Brian Wellington (bwelling@×××××.org) A "quiet mode" (--quiet) |
565 |
fix; I missed an "echo". |
566 |
|
567 |
27 Oct 2001; J.A. Neitzel (jan@××××××××.org) Missed another "kill -9"; it's |
568 |
now gone. |
569 |
|
570 |
* keychain 1.7 (21 Oct 2001) |
571 |
|
572 |
21 Oct 2001; Frederic Gobry (frederic.gobry@×××××××××.ch) Frederic suggested |
573 |
using procmail's lockfile to serialize the execution of critical parts of |
574 |
keychain, thus avoiding multiple ssh-agent processes being started if you |
575 |
happen to have multiple xterms open automatically when you log in. |
576 |
Initially, I didn't think I could add this, since systems may not have the |
577 |
lockfile command; however, keychain will now auto-detect whether lockfile is |
578 |
installed; if it is, keychain will automatically use it, thus preventing |
579 |
multiple ssh-agent processes from being spawned. |
580 |
|
581 |
21 Oct 2001; Raymond Wu (ursus@×××.net): --nocolor test is no longer inside |
582 |
the test for whether "echo -e" works. According to Raymond, this works |
583 |
optimally on his Solaris box. |
584 |
|
585 |
21 Oct 2001; J.A. Neitzel (jan@××××××××.org): No longer "kill -9" our |
586 |
ssh-agent processes. SIGTERM should be sufficient and will allow ssh-agent to |
587 |
clean up after itself (this reverses a previously-applied patch). |
588 |
|
589 |
21 Oct 2001; Thomas Finneid (tfinneid@××××××.no): Added argument "--quiet | |
590 |
-q" to make the program less intrusive to the user; with it, only error and |
591 |
interactive messages will appear. |
592 |
|
593 |
21 Oct 2001; Thomas Finneid (tfinneid@××××××.no): Changed the format of some |
594 |
arguments to bring them more in line with common *nix programs: added "-h" as |
595 |
alias for "--help"; added "-k" as alias for "--stop" |
596 |
|
597 |
21 Oct 2001; Mark Stosberg (mark@×××××××××××.com): $pidf to "$pidf" fixes to |
598 |
allow keychain to work with paths that include spaces (for Darwin and MacOS X |
599 |
in particular). |
600 |
|
601 |
21 Oct 2001; Jonathan Wakely (redi@××××××××××××.net): Small patch to convert |
602 |
"echo -n -e" to "echo -e "\c"" for FreeBSD compatibility. |
603 |
|
604 |
* keychain 1.6 (15 Oct 2001) |
605 |
|
606 |
13 Oct 2001; Ralf Horstmann (ralf.horstmann@×××××××××.com): Add /usr/ucb to |
607 |
path for Solaris systems. |
608 |
|
609 |
11 Oct 2001; Idea from Joe Reid (jreid@××××.net): Try to add multiple keys |
610 |
using ssh-add; avoid typing in identical passphrases more than once. Good |
611 |
idea! |
612 |
|
613 |
*keychain 1.5 (21 Sep 2001) |
614 |
|
615 |
21 Sep 2001; David Hull (hull@×××××××.com): misc. compatibility, signal |
616 |
handling, cleanup fixes |
617 |
|
618 |
21 Sep 2001; "ps" test to find the right one for your OS. |
619 |
|
620 |
20 Sep 2001; Marko Myllynen (myllynen@×××.fi): "grep [s]sh-agent" to "grep |
621 |
[s]sh-agent" (zsh fix) |
622 |
|
623 |
*keychain 1.4 (20 Sep 2001) |
624 |
|
625 |
20 Sep 2001; David Hull (hull@×××××××.com): "touch $foo" to ">$foo" |
626 |
optimization and other "don't fork" fixes. Converted ${foo#--} to a case |
627 |
statement for Solaris sh compatibility. |
628 |
|
629 |
20 Sep 2001; Try an alternate "ps" syntax if our default one fails. This |
630 |
should give us Solaris and IRIX (sysV) compatibility without breaking BSD. |
631 |
|
632 |
20 Sep 2001; Hans Peter Verne (h.p.verne@××××××××.no); "echo -e" to "echo $E" |
633 |
(for IRIX compatibility with --nocolor), optimization of grep ("grep |
634 |
[s]sh-agent") |
635 |
|
636 |
17 Sep 2001; Marko Myllynen (myllynen@×××.fi): Various fixes: trap signal 2 |
637 |
if signal INT not supported (NetBSD); handle invalid keys correctly; ancient |
638 |
version of ash didn't support ~, so using $HOME; correct zsh instruction; |
639 |
minor cleanups |
640 |
|
641 |
*keychain 1.3 (12 Sep 2001) |
642 |
|
643 |
12 Sep 2001; Minor color changes; the cyan was hard to read on xterm-colored |
644 |
terms so it was switched to bold. Additional --help text added. |
645 |
|
646 |
10 Sep 2001; We now use .ssh-agent-[hostname] instead of .ssh-agent. We now |
647 |
create a .ssh-agent-csh-[hostname] file that can be sourced by csh-compatible |
648 |
shells. We also now kill all our existing ssh-agent processes before |
649 |
starting a new one. |
650 |
|
651 |
10 Sep 2001; Robert R. Wal (rrw@××××.pl): Very nice NFS fixes, colorization |
652 |
fixes, tcsh redirect -> grep -v fix. Thanks go out to others who sent me |
653 |
similar patches. |
654 |
|
655 |
10 Sep 2001; Johann Visagie (johann@×××××××××.com): "source" to "." |
656 |
shell-compatibility fixes. Thanks for the FreeBSD port. |
657 |
|
658 |
10 Sep 2001; Marko Myllynen (myllynen@×××.fi): rm -f $pidf after stopping |
659 |
ssh-agent fix |
660 |
|
661 |
*keychain 1.2 |
662 |
|
663 |
09 Sep 2001; README updates to reflect new changes. |
664 |
|
665 |
09 Sep 2001; Marko Myllynen (myllynen@×××.fi): bash 1/zsh/sh compatibility; |
666 |
now only tries to kill *your* ssh-agent processes, version fix, .ssh-agent |
667 |
file creation error detection. Thanks! |
668 |
|
669 |
*keychain 1.1; fixes for calling "pidof"; README; ChangeLog |
670 |
|
671 |
07 Sep 2001; Addition of README stating that keychain requires bash 2.0 or |
672 |
greater, as well as quick install directions and web URL. |
673 |
|
674 |
07 Sep 2001; Explicitly added /sbin and /usr/sbin to path, and then called |
675 |
"pidof". I think that this is a bit more robust. |
676 |
|
677 |
06 Sep 2001; from John Ellson (ellson@××××××.com): "pidof" changed to |
678 |
"/sbin/pidof", since it's probably not in $PATH |
679 |
|
680 |
06 Sep 2001; New ChangeLog! :) |
681 |
|
682 |
*keychain 1.0; initial release (Aug 2001) |
683 |
|
684 |
</pre> |
685 |
|
686 |
</body> |
687 |
</section> |
688 |
</chapter> |
689 |
</guide> |