Diff of /xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

Revision 1.3 Revision 1.4
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> 2<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
3 3
4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 4<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
5 5
6<guide link = "/proj/en/infrastructure/cvs-sshkeys.xml"> 6<guide link = "/proj/en/infrastructure/cvs-sshkeys.xml">
7<title>SSH access to cvs.gentoo.org</title> 7<title>SSH access to cvs.gentoo.org</title>
8<author title="Author"> 8<author title="Author">
9 <mail link="swift@gentoo.org">Sven Vermeulen</mail> 9 <mail link="swift@gentoo.org">Sven Vermeulen</mail>
10</author> 10</author>
11<author title="Author">
12 <mail link="robbat2@gentoo.org">Robin H. Johnson</mail>
13</author>
11<abstract> 14<abstract>
12This mini-guide explains on how to create and use ssh-keys, especially 15This mini-guide explains on how to create and use ssh-keys, especially
13for use on cvs.gentoo.org. 16for use on cvs.gentoo.org.
14</abstract> 17</abstract>
15<version>1.0</version> 18<version>1.1</version>
16<date>3rd of July, 2003</date> 19<date>2007/12/24</date>
17 20
18<chapter> 21<chapter>
19<title>SSH keys</title> 22<title>SSH keys</title>
20<section> 23<section>
21<title>Creating the SSH keys</title> 24<title>Creating the SSH keys</title>
22<body> 25<body>
23<p> 26<p>
24First of all, be physically logged on to your own computer. Make sure 27First of all, be physically logged on to your own computer. Make sure
25that no-one will see you typing stuff in, since we are going to type in 28that no-one will see you typing stuff in, since we are going to type in
26passphrases and such. So get your pepperspray and fight all untrusted 29passphrases and such. So get your pepperspray and fight all untrusted
27entities until you are home alone. 30entities until you are home alone.
28</p> 31</p>
29<p> 32<p>
30Now we are going to create our ssh keys, DSA keys to be exact. Log onto 33Now we are going to create our ssh keys, DSA keys to be exact. Log onto
31your computer as the user that you are going to be using when you want 34your computer as the user that you are going to be using when you want
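Review bot: The <abstract> at new lines 15-16 is left untouched and still scopes the guide to "especially for use on cvs.gentoo.org", although this revision bumps <version> to 1.1 and adds a section on machines that take SSH public keys from LDAP. Extend the abstract with a clause on LDAP-managed hosts so that it matches what the guide now covers.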
71</warn> 74</warn>
72<p> 75<p>
73The second file, <path>id_dsa.pub</path>, is your <e>public</e> key. 76The second file, <path>id_dsa.pub</path>, is your <e>public</e> key.
74Distribute this file amongst all hosts that you want to be able to 77Distribute this file amongst all hosts that you want to be able to
75access through SSH pubkey authentification. This file should be appended 78access through SSH pubkey authentification. This file should be appended
76to <path>~/.ssh/authorized_keys</path> on those remote hosts. Also add it 79to <path>~/.ssh/authorized_keys</path> on those remote hosts. Also add it
77to your local host so you can connect to that one too if you have several 80to your local host so you can connect to that one too if you have several
78boxes. 81boxes.
79</p> 82</p>
80<pre caption = "Adding the SSH key to the box"> 83<pre caption = "Adding the SSH key to the box">
81$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i> 84$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i>
82</pre> 85</pre>
83</body> 86</body>
84</section> 87</section>
85<section> 88<section>
89<title>Installing your public key on a machine using LDAP authentication for SSH</title>
90<body>
91<p>
92For most of the Gentoo infrastructure, we use LDAP to distribute user
93information including SSH public keys. On these machines,
94<path>~/.ssh/authorized_keys</path> should generally not contain your key.
95</p>
96<p>
97Instead, you should place your public key into LDAP, using
98<path>perl_ldap</path>, or <path>ldapmodify</path> directly.
99The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP
100guide</uri> describes this in more detail.
101</p>
102<pre caption = "Adding the SSH key with perl_ldap on dev.gentoo.org">
103$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" &lt;username&gt;</i>
104</pre>
105<warn>Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!</warn>
106</body>
107</section>
108<section>
86<title>Using keychain</title> 109<title>Using keychain</title>
87<body> 110<body>
88<p> 111<p>
89Every time you want to log on to a remote host using SSH public key 112Every time you want to log on to a remote host using SSH public key
90authentification, you will be asked to enter your passphrase. As much as 113authentification, you will be asked to enter your passphrase. As much as
91everybody likes typing, too much is sometimes too much. Luckily, 114everybody likes typing, too much is sometimes too much. Luckily,
92there is <c>keychain</c> to the rescue. There is an document on this 115there is <c>keychain</c> to the rescue. There is an document on this
93one <uri link="http://www.gentoo.org/proj/en/keychain.xml">here</uri>, 116one <uri link="/proj/en/keychain.xml">here</uri>,
94but I'll give you a quick introduction. 117but I'll give you a quick introduction.
95</p> 118</p>
96<p> 119<p>
97First, install <c>keychain</c>: 120First, install <c>keychain</c>:
98</p> 121</p>
99<pre caption = "Installing keychain"> 122<pre caption = "Installing keychain">
100# <i>emerge keychain</i> 123# <i>emerge keychain</i>
101</pre> 124</pre>
102<p> 125<p>
103Now have keychain load up your private ssh key when you log on to your 126Now have keychain load up your private ssh key when you log on to your
104local box. To do so, add the following to <path>~/.bash_profile</path>. 127local box. To do so, add the following to <path>~/.bash_profile</path>.
105Again, this should be done on your <e>local</e> machine where you work 128Again, this should be done on your <e>local</e> machine where you work
106at the Gentoo CVS. 129at the Gentoo CVS.
107</p> 130</p>
108<pre caption = "Add this to .bash_profile"> 131<pre caption = "Add this to .bash_profile">
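Review bot: The unchanged paragraph just above the new section (new lines 76-81) still tells readers to append id_dsa.pub to ~/.ssh/authorized_keys on the remote hosts they want to access, which conflicts with the added statement at new lines 92-94 that on LDAP-backed machines authorized_keys "should generally not contain your key". Qualify the earlier paragraph, or point it forward to the LDAP section, so that a developer following the guide from top to bottom does not end up with the key in both places. A smaller style point: perl_ldap and ldapmodify are marked up with <path> at new line 98, while the guide uses <c> for commands such as keychain; <c> would be consistent for both.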
