/[gentoo]/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml
Gentoo

Diff of /xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.1 Revision 1.2
11<abstract> 11<abstract>
12This mini-guide explains on how to create and use ssh-keys, especially 12This mini-guide explains on how to create and use ssh-keys, especially
13for use on cvs.gentoo.org. 13for use on cvs.gentoo.org.
14</abstract> 14</abstract>
15<version>1.0</version> 15<version>1.0</version>
16<date>3rd of July, 2003</date> 16<date>3rd of July, 2003</date>
17 17
18<chapter> 18<chapter>
19<title>SSH keys</title> 19<title>SSH keys</title>
20<section> 20<section>
21<title>Creating the SSH keys</title> 21<title>Creating the SSH keys</title>
22<body> 22<body>
23<p> 23<p>
24First of all, be physically logged on to your own computer. Make sure 24First of all, be physically logged on to your own computer. Make sure
25that no-one will see you typing stuff in, since we are going to type in 25that no-one will see you typing stuff in, since we are going to type in
26passphrazes and such. So get your pepperspray and fight all untrusted 26passphrases and such. So get your pepperspray and fight all untrusted
27entities until you are home alone. 27entities until you are home alone.
28</p> 28</p>
29<p> 29<p>
30Now we are going to create our ssh keys, DSA keys to be exact. Log onto 30Now we are going to create our ssh keys, DSA keys to be exact. Log onto
31your computer as the user that you are going to be using when you want 31your computer as the user that you are going to be using when you want
32to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>: 32to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>:
33</p> 33</p>
34<pre caption = "Creating SSH keys"> 34<pre caption = "Creating SSH keys">
35$ <i>ssh-keygen -t dsa</i> 35$ <i>ssh-keygen -t dsa</i>
36Generating public/private dsa key pair. 36Generating public/private dsa key pair.
37Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment> 37Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment>
38Created directory '/home/temp/.ssh'. 38Created directory '/home/temp/.ssh'.
39Enter passphrase (empty for no passphrase): <comment>(Enter your passphraze)</comment> 39Enter passphrase (empty for no passphrase): <comment>(Enter your passphrase)</comment>
40Enter same passphrase again: <comment>(Enter your passphraze again)</comment> 40Enter same passphrase again: <comment>(Enter your passphrase again)</comment>
41Your identification has been saved in /home/temp/.ssh/id_dsa. 41Your identification has been saved in /home/temp/.ssh/id_dsa.
42Your public key has been saved in /home/temp/.ssh/id_dsa.pub. 42Your public key has been saved in /home/temp/.ssh/id_dsa.pub.
43The key fingerprint is: 43The key fingerprint is:
4485:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra 4485:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra
45</pre> 45</pre>
46<note> 46<note>
47Please be sure to set a strong passphrase on your private key. Ideally, 47Please be sure to set a strong passphrase on your private key. Ideally,
48this passphrase should be at least 8 characters and contain a mixture of 48this passphrase should be at least 8 characters and contain a mixture of
49letters, numbers and symbols. 49letters, numbers and symbols.
50</note> 50</note>
51<p> 51<p>
52Now wasn't that easy? Let's see what we have created: 52Now wasn't that easy? Let's see what we have created:
53</p> 53</p>
54<pre caption = "Created files"> 54<pre caption = "Created files">
55# <i>ls ~/.ssh</i> 55# <i>ls ~/.ssh</i>
78boxes. 78boxes.
79</p> 79</p>
80<pre caption = "Adding the SSH key to the box"> 80<pre caption = "Adding the SSH key to the box">
81$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i> 81$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i>
82</pre> 82</pre>
83</body> 83</body>
84</section> 84</section>
85<section> 85<section>
86<title>Adding the key to cvs.gentoo.org</title> 86<title>Adding the key to cvs.gentoo.org</title>
87<body> 87<body>
88<p> 88<p>
89As cvs.gentoo.org is only reachable through SSH keypair 89As cvs.gentoo.org is only reachable through SSH keypair
90authentification, you need to upload your public key to cvs.gentoo.org. 90authentification, you need to upload your public key to cvs.gentoo.org.
91To do so, you must follow the next steps: 91To do so, you must follow the next steps:
92</p> 92</p>
93<ul> 93<p>
94<li>Upload the key to dev.gentoo.org and place it in 94Upload the key to dev.gentoo.org and place it in
95<path>~/.ssh/authorized_keys</path> 95<path>~/.ssh/authorized_keys</path>
96</p>
96<pre caption = "Uploading the public key"> 97<pre caption = "Uploading the public key">
97$ <i>ssh -l yourusername dev.gentoo.org mkdir .ssh</i> 98$ <i>ssh -l yourusername dev.gentoo.org mkdir .ssh</i>
98$ <i>scp .ssh/id_dsa.pub yourusername@dev.gentoo.org:.ssh/authorized_keys</i> 99$ <i>scp .ssh/id_dsa.pub yourusername@dev.gentoo.org:.ssh/authorized_keys</i>
99Password: <comment>(Enter your dev.gentoo.org/cvs.gentoo.org password)</comment> 100Password: <comment>(Enter your dev.gentoo.org/cvs.gentoo.org password)</comment>
100</pre> 101</pre>
101</li> 102<p>
102<li>Wait one hour at most so that cvs.gentoo.org can copy the 103Wait one hour at most so that cvs.gentoo.org can copy the
103<path>authorized_keys</path> from dev.gentoo.org.</li> 104<path>authorized_keys</path> from dev.gentoo.org.
104</ul> 105</p>
105</body> 106</body>
106</section> 107</section>
107<section> 108<section>
108<title>Using keychain</title> 109<title>Using keychain</title>
109<body> 110<body>
110<p> 111<p>
111Every time you want to log on to a remote host using SSH public key 112Every time you want to log on to a remote host using SSH public key
112authentification, you will be asked to enter your passphraze. As much as 113authentification, you will be asked to enter your passphrase. As much as
113everybody likes typing, too much is sometimes too much. Luckily, 114everybody likes typing, too much is sometimes too much. Luckily,
114there is <c>keychain</c> to the rescue. There is an document on this 115there is <c>keychain</c> to the rescue. There is an document on this
115one <uri link="http://www.gentoo.org/proj/en/keychain.xml">here</uri>, 116one <uri link="http://www.gentoo.org/proj/en/keychain.xml">here</uri>,
116but I'll give you a quick introduction. 117but I'll give you a quick introduction.
117</p> 118</p>
118<p> 119<p>
119First, install <c>keychain</c>: 120First, install <c>keychain</c>:
120</p> 121</p>
121<pre caption = "Installing keychain"> 122<pre caption = "Installing keychain">
122# <i>emerge keychain</i> 123# <i>emerge keychain</i>
123</pre> 124</pre>
124<p> 125<p>
125Now have keychain load up your private ssh key when you log on to your 126Now have keychain load up your private ssh key when you log on to your
126local box. To do so, add the following to <path>~/.bash_profile</path>. 127local box. To do so, add the following to <path>~/.bash_profile</path>.
127Again, this should be done on your <e>local</e> machine where you work 128Again, this should be done on your <e>local</e> machine where you work

Legend:
Removed from v.1.1  
changed lines
  Added in v.1.2

  ViewVC Help
Powered by ViewVC 1.1.20