Contents of /xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.1 - (hide annotations) (download) (as text)
Thu Aug 28 00:56:31 2003 UTC (14 years, 7 months ago) by klieber
Branch: MAIN
File MIME type: application/xml
bunch of changes

1 klieber 1.1 <?xml version='1.0' encoding="UTF-8"?>
2     <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
4     <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
6     <guide link = "/proj/en/infrastructure/cvs-sshkeys.xml">
7     <title>SSH access to cvs.gentoo.org</title>
8     <author title="Author">
9     <mail link="swift@gentoo.org">Sven Vermeulen</mail>
10     </author>
11     <abstract>
12     This mini-guide explains on how to create and use ssh-keys, especially
13     for use on cvs.gentoo.org.
14     </abstract>
15     <version>1.0</version>
16     <date>3rd of July, 2003</date>
18     <chapter>
19     <title>SSH keys</title>
20     <section>
21     <title>Creating the SSH keys</title>
22     <body>
23     <p>
24     First of all, be physically logged on to your own computer. Make sure
25     that no-one will see you typing stuff in, since we are going to type in
26     passphrazes and such. So get your pepperspray and fight all untrusted
27     entities until you are home alone.
28     </p>
29     <p>
30     Now we are going to create our ssh keys, DSA keys to be exact. Log onto
31     your computer as the user that you are going to be using when you want
32     to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>:
33     </p>
34     <pre caption = "Creating SSH keys">
35     $ <i>ssh-keygen -t dsa</i>
36     Generating public/private dsa key pair.
37     Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment>
38     Created directory '/home/temp/.ssh'.
39     Enter passphrase (empty for no passphrase): <comment>(Enter your passphraze)</comment>
40     Enter same passphrase again: <comment>(Enter your passphraze again)</comment>
41     Your identification has been saved in /home/temp/.ssh/id_dsa.
42     Your public key has been saved in /home/temp/.ssh/id_dsa.pub.
43     The key fingerprint is:
44     85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra
45     </pre>
46     <note>
47     Please be sure to set a strong passphrase on your private key. Ideally,
48     this passphrase should be at least 8 characters and contain a mixture of
49     letters, numbers and symbols.
50     </note>
51     <p>
52     Now wasn't that easy? Let's see what we have created:
53     </p>
54     <pre caption = "Created files">
55     # <i>ls ~/.ssh</i>
56     id_dsa id_dsa.pub
57     </pre>
58     <p>
59     You'll probably have more files than this, but the 2 files listed above
60     are the ones that are really important.
61     </p>
62     <p>
63     The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't
64     distribute this amongst all people unless you want to get into a fight
65     with drobbins (no, you don't want that).
66     </p>
67     <warn>
68     If you have several (<e>trusted!</e>) hosts from which you want to
69     connect to cvs.gentoo.org, you should copy <path>id_dsa</path> to the
70     <path>~/.ssh</path> directories on those hosts.
71     </warn>
72     <p>
73     The second file, <path>id_dsa.pub</path>, is your <e>public</e> key.
74     Distribute this file amongst all hosts that you want to be able to
75     access through SSH pubkey authentification. This file should be appended
76     to <path>~/.ssh/authorized_keys</path> on those remote hosts. Also add it
77     to your local host so you can connect to that one too if you have several
78     boxes.
79     </p>
80     <pre caption = "Adding the SSH key to the box">
81     $ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i>
82     </pre>
83     </body>
84     </section>
85     <section>
86     <title>Adding the key to cvs.gentoo.org</title>
87     <body>
88     <p>
89     As cvs.gentoo.org is only reachable through SSH keypair
90     authentification, you need to upload your public key to cvs.gentoo.org.
91     To do so, you must follow the next steps:
92     </p>
93     <ul>
94     <li>Upload the key to dev.gentoo.org and place it in
95     <path>~/.ssh/authorized_keys</path>
96     <pre caption = "Uploading the public key">
97     $ <i>ssh -l yourusername dev.gentoo.org mkdir .ssh</i>
98     $ <i>scp .ssh/id_dsa.pub yourusername@dev.gentoo.org:.ssh/authorized_keys</i>
99     Password: <comment>(Enter your dev.gentoo.org/cvs.gentoo.org password)</comment>
100     </pre>
101     </li>
102     <li>Wait one hour at most so that cvs.gentoo.org can copy the
103     <path>authorized_keys</path> from dev.gentoo.org.</li>
104     </ul>
105     </body>
106     </section>
107     <section>
108     <title>Using keychain</title>
109     <body>
110     <p>
111     Every time you want to log on to a remote host using SSH public key
112     authentification, you will be asked to enter your passphraze. As much as
113     everybody likes typing, too much is sometimes too much. Luckily,
114     there is <c>keychain</c> to the rescue. There is an document on this
115     one <uri link="http://www.gentoo.org/proj/en/keychain.xml">here</uri>,
116     but I'll give you a quick introduction.
117     </p>
118     <p>
119     First, install <c>keychain</c>:
120     </p>
121     <pre caption = "Installing keychain">
122     # <i>emerge keychain</i>
123     </pre>
124     <p>
125     Now have keychain load up your private ssh key when you log on to your
126     local box. To do so, add the following to <path>~/.bash_profile</path>.
127     Again, this should be done on your <e>local</e> machine where you work
128     at the Gentoo CVS.
129     </p>
130     <pre caption = "Add this to .bash_profile">
131     keychain ~/.ssh/id_dsa
132     . .keychain/<comment>hostname</comment>-sh
133     </pre>
134     <p>
135     Be sure to substitute <c>hostname</c> with your hostname.
136     </p>
137     </body>
138     </section>
139     </chapter>
140     </guide>

  ViewVC Help
Powered by ViewVC 1.1.20