SSH access to cvs.gentoo.org

Sven Vermeulen

This mini-guide explains how to create and use SSH keys, especially for use on cvs.gentoo.org.

Version 1.0, 3rd of July, 2003

SSH keys

Creating the SSH keys

First of all, be physically logged on to your own computer. Make sure that no-one will see you typing stuff in, since we are going to type in passphrases and such. So get your pepper spray and fight all untrusted entities until you are home alone.

Now we are going to create our ssh keys, DSA keys to be exact. Log onto your computer as the user that you are going to be using when you want to access cvs.gentoo.org. Then issue ssh-keygen -t dsa:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/temp/.ssh/id_dsa): (Press enter)
Created directory '/home/temp/.ssh'.
Enter passphrase (empty for no passphrase): (Enter your passphrase)
Enter same passphrase again: (Enter your passphrase again)
Your identification has been saved in /home/temp/.ssh/id_dsa.
Your public key has been saved in /home/temp/.ssh/id_dsa.pub.
The key fingerprint is:
85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra

Please be sure to set a strong passphrase on your private key. Ideally, this passphrase should be at least 8 characters and contain a mixture of letters, numbers and symbols.

Now wasn't that easy? Let's see what we have created:

$ ls ~/.ssh
id_dsa  id_dsa.pub

You'll probably have more files than this, but the two files listed above are the ones that really matter.

The first file, id_dsa, is your private key. Never hand it out to other people unless you want to get into a fight with drobbins (no, you don't want that).

If you have several (trusted!) hosts from which you want to connect to cvs.gentoo.org, you should copy id_dsa to the ~/.ssh directories on those hosts.

The second file, id_dsa.pub, is your public key. Distribute this file to all hosts that you want to be able to access through SSH public key authentication. It should be appended to ~/.ssh/authorized_keys on those remote hosts. Also add it on your local host, so you can connect to that one too if you have several boxes.

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
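
The append step above, written as an added example that is not part of the original guide: it appends the key only once and sets the permissions that sshd's StrictModes check (on by default) requires before it will read authorized_keys. install_pubkey is a hypothetical helper name, not an OpenSSH tool.

```shell
#!/bin/sh
# Added example: idempotent form of
#   cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
# install_pubkey is a hypothetical helper name.

install_pubkey() {
    pub=$1                       # public key file, e.g. ~/.ssh/id_dsa.pub
    ssh_dir=${2:-$HOME/.ssh}     # .ssh directory that receives the key
    auth=$ssh_dir/authorized_keys

    # Only the .pub file is ever distributed; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A public key file holds exactly one line: type, base64 blob, comment.
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 1
    fi

    # With StrictModes, sshd ignores authorized_keys when the file or
    # ~/.ssh is group- or world-writable, so keep both private to the user.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on "type blob" only, so a changed comment is not a new entry.
    key=$(awk 'NF {print $1 " " $2; exit}' "$pub")
    if grep -qF -- "$key" "$auth"; then
        return 0                 # already authorized, nothing to do
    fi

    # Make sure the existing file ends in a newline before appending.
    if [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    awk 'NF' "$pub" >> "$auth"
}
```

Call it as install_pubkey ~/.ssh/id_dsa.pub on each host where the key should be accepted; running it again changes nothing.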

Using keychain

Every time you want to log on to a remote host using SSH public key authentication, you will be asked to enter your passphrase. As much as everybody likes typing, too much is sometimes too much. Luckily, there is keychain to the rescue. There is a document on this one here, but I'll give you a quick introduction.

First, install keychain:

# emerge keychain

Now have keychain load up your private SSH key when you log on to your local box. To do so, add the following to ~/.bash_profile. Again, this should be done on the local machine from which you work with the Gentoo CVS.

keychain ~/.ssh/id_dsa
. ~/.keychain/hostname-sh

Be sure to substitute hostname with your hostname.