Thought I might detail my experiences with establishing a private-public key pair in order to use tahoe-manager to update from the CVS repository. I'm using Linux RedHat Enterprise.
Along with this post you may also want to read this post:
First, make the private-public key pair on your local machine. It should look like this:
[HTML][prompt@localmachine %] ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/rkraft/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rkraft/.ssh/id_dsa.
Your public key has been saved in /home/rkraft/.ssh/id_dsa.pub.
The key fingerprint is:
NOTE: if you enter an new file name above to save the key, it may cause problems later on while accessing the CVS repository at SourceForge. For example, originally I typed id_dsa_tahoe for the key pair file name, which worked on the development server at tahoe.colorado.edu, but did not work for tahoe.cvs.sourceforge.net because the authorized_key file at SourceForge looks for id_dsa by default. If you want to name the key pair something other than id_dsa, I will discribe what to do below.
In the meantime we NEXT: Check to make sure id_dsa and id_dsa.pub were created in ~/.ssh :
[HTML][prompt@localmachine %] ls -ltr ~/.ssh/
-rw-r--r-- 1 rkraft users 3467 Aug 27 15:34 known_hosts
-rw------- 1 rkraft users 248 Sep 12 15:03 config
-rw------- 1 rkraft users 616 Sep 12 15:14 id_dsa.pub
-rw------- 1 rkraft users 672 Sep 12 15:14 id_dsa
If you are not a developer (i.e., you do not have access to tahoe.colorado.edu) and/or you just need access to the CVS repository at Sourceforge, you will need to log on to SourceForge and go the "Account Options" section.
On that web page you should see a link to [Edit SSH Keys for Shell/CVS] under the Host Access Information section. Click it and copy and paste your public key from the id_dsa.pub file. See attached picture. [img]CVS_SourceForge.jpg[/img] You will have to wait 10 minutes for it to register.
If you named your public key id_dsa when you generated it, and have waited 10 minute or so, you should now be able to access the CVS repository without needing to enter you password. NOTE: If you used a different name other than "id_dsa.pub" you will need to use the following command to access SourceForge without having to use a password:
[HTML][prompt@localmachine %] ssh -i id_dsa_filename
For the developers, the next step is to copy id_dsa.pub to tahoe.colorado.edu and add it to the list in the authorized_keys file located in ~/.ssh (NOTE: you may need to create the .ssh directory yourself). We do this in a series of steps . First, copy the file to your home directory at tahoe.colorado.edu :
[HTML][prompt@localmachine %] scp ~/.ssh/id_dsa.pub
Then, log onto tahoe.colorado.edu add it to the list of public keys in the authorized_key file:
[HTML][firstname.lastname@example.org %] cat ~/temp.pub >> ~/.ssh/authorized_keys
Next, Apply the correct permissions,
[HTML][email@example.com %] chmod 600 ~/.ssh/authorized_keys
For many of you out there, you should now be able to access tahoe.cvs.sourceforge.net and tahoe.colorado.edu without needing to enter your password. However, it was not the case for me since I was dealing with some additional security constraints. This is what I had to do:
When you ssh, use:
[HTML]prompt@localmachine %] ssh -o PreferredAuthentications=publickey
or to save some typing, create a file in your .ssh directory call "config" and add the following lines for accessing both tahoe.cvs.sourceforge.net and tahoe.colorado.edu:
It is easiest if you just stick with using id_dsa for the name of the private-public key pair.
NOTE: Depending on your settings, you may instead need to use:
For this beware, because I don't think SourceForge supports authentication by password or keyboard-interactive. See http://alexandria.wiki.sourceforge.net/SSH+Key+Generation
Hope this helps someone.