Establishing a Private - Public Key Pair

Postby rkraft » Fri Sep 12, 2008 1:09 pm

Hello,

Thought I might detail my experiences with establishing a private-public key pair in order to use tahoe-manager to update from the CVS repository. I'm using Linux RedHat Enterprise.

Along with this post you may also want to read this post:
https://www.paklein.com/tahoe/forums/showthread.php?t=387&highlight=Public+Key


First, make the private-public key pair on your local machine. It should look like this:

[HTML][prompt@localmachine %] ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/rkraft/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rkraft/.ssh/id_dsa.
Your public key has been saved in /home/rkraft/.ssh/id_dsa.pub.
The key fingerprint is:
##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:## username@hostname
[/HTML]

NOTE: if you enter a new file name above to save the key, it may cause problems later on while accessing the CVS repository at SourceForge. For example, originally I typed id_dsa_tahoe for the key pair file name, which worked on the development server at tahoe.colorado.edu, but did not work for tahoe.cvs.sourceforge.net because the authorized_keys file at SourceForge looks for id_dsa by default. If you want to name the key pair something other than id_dsa, I will describe what to do below.

In the meantime, NEXT: check to make sure id_dsa and id_dsa.pub were created in ~/.ssh:
[HTML][prompt@localmachine %] ls -ltr ~/.ssh/
total 24
-rw-r--r-- 1 rkraft users 3467 Aug 27 15:34 known_hosts
-rw------- 1 rkraft users 248 Sep 12 15:03 config
-rw------- 1 rkraft users 616 Sep 12 15:14 id_dsa.pub
-rw------- 1 rkraft users 672 Sep 12 15:14 id_dsa
[/HTML]

If you are not a developer (i.e., you do not have access to tahoe.colorado.edu) and/or you just need access to the CVS repository at SourceForge, you will need to log on to SourceForge and go to the "Account Options" section.

On that web page you should see a link to [Edit SSH Keys for Shell/CVS] under the Host Access Information section. Click it and copy and paste your public key from the id_dsa.pub file. See attached picture. [img]CVS_SourceForge.jpg[/img] You will have to wait 10 minutes for it to register.

If you named your public key id_dsa when you generated it, and have waited 10 minutes or so, you should now be able to access the CVS repository without needing to enter your password. NOTE: If you used a name other than "id_dsa.pub" you will need to use the following command to access SourceForge without having to use a password:

[HTML][prompt@localmachine %] ssh -i id_dsa_filename sourceforge_username@tahoe.cvs.sourceforge.net
[/HTML]


For the developers, the next step is to copy id_dsa.pub to tahoe.colorado.edu and add it to the list in the authorized_keys file located in ~/.ssh (NOTE: you may need to create the .ssh directory yourself). We do this in a series of steps. First, copy the file to your home directory at tahoe.colorado.edu:

[HTML][prompt@localmachine %] scp ~/.ssh/id_dsa.pub username@tahoe.colorado.edu:~/temp.pub
[/HTML]

Then, log onto tahoe.colorado.edu and add it to the list of public keys in the authorized_keys file:

[HTML][prompt@tahoe.colorado.edu %] cat ~/temp.pub >> ~/.ssh/authorized_keys
[/HTML]

Next, apply the correct permissions:
[HTML][prompt@tahoe.colorado.edu %] chmod 600 ~/.ssh/authorized_keys
[/HTML]

For many of you out there, you should now be able to access tahoe.cvs.sourceforge.net and tahoe.colorado.edu without needing to enter your password. However, it was not the case for me since I was dealing with some additional security constraints. This is what I had to do:

When you ssh, use:

[HTML][prompt@localmachine %] ssh -o PreferredAuthentications=publickey tahoe.colorado.edu
[/HTML]

or, to save some typing, create a file in your .ssh directory called "config" and add the following lines for accessing both tahoe.cvs.sourceforge.net and tahoe.colorado.edu:


[HTML]Host tahoe.cvs.sourceforge.net
IdentityFile ~/.ssh/id_dsa
PreferredAuthentications publickey
Host tahoe.colorado.edu
IdentityFile ~/.ssh/id_dsa
PreferredAuthentications publickey
Host *
PreferredAuthentications gssapi-with-mic
[/HTML]

It is easiest if you just stick with using id_dsa for the name of the private-public key pair.

NOTE: Depending on your settings, you may instead need to use:
PreferredAuthentications gssapi-with-mic,password,keyboard-interactive
For this beware, because I don't think SourceForge supports authentication by password or keyboard-interactive. See http://alexandria.wiki.sourceforge.net/SSH+Key+Generation


Hope this helps someone. :)
rkraft
Junior Member
 
Posts: 6
Joined: Tue Aug 19, 2008 11:44 am
Location: Baltimore, MD
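
The developer steps in the post above (copy the public key to the server, append it to authorized_keys, set the permissions) collected into one idempotent helper. This is an added example, not code from the original post or from the tahoe project; the function names `install_pubkey` and `perms_ok` and the optional home-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys with owner-only
# permissions. Function names are hypothetical, not part of any tool.

# install_pubkey PUBFILE [HOME_DIR]
# Appends the key in PUBFILE to HOME_DIR/.ssh/authorized_keys unless the same
# line is already present. Returns 0 on success, 1 if the input is refused.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key (e.g. id_dsa uploaded instead of id_dsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 1
    fi
    # Take the first line that starts with a key type such as ssh-dss or ssh-rsa.
    key=$(grep -E '^(ssh-|ecdsa-)[A-Za-z0-9@.-]+ [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "$pub is not an OpenSSH public key" >&2; return 1; }

    # Create ~/.ssh if it is missing; both directory and file are owner-only.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if the identical line is not already in the file.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok HOME_DIR
# Succeeds only if .ssh is mode 700 and authorized_keys is mode 600.
perms_ok() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```

On the server, after the scp step, `install_pubkey ~/temp.pub && rm ~/temp.pub` replaces the separate cat and chmod commands and can be re-run without duplicating the entry.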
