public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Alec Warner (antarus) @ 2011-10-14  7:56 UTC
  To: gentoo-commits

antarus     11/10/14 07:56:34

  Modified:             cvs-sshkeys.xml
  Log:
  Try to be a bit more firm on key handling instructions. Frown on trusting dev.gentoo.org. Note that empty passphrases for ssh keys is a very bad offense.

Revision  Changes    Path
1.7                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.7&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.7&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.6&r2=1.7

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- cvs-sshkeys.xml	26 Apr 2010 19:24:11 -0000	1.6
+++ cvs-sshkeys.xml	14 Oct 2011 07:56:34 -0000	1.7
@@ -11,6 +11,9 @@
 <author title="Author">
   <mail link="robbat2"/>
 </author>
+<author title="Author">
+  <mail link="antarus"/>
+</author>
 <author title="Editor">
   <mail link="nightmorph"/>
 </author>
@@ -20,12 +23,42 @@
 for use on cvs.gentoo.org.
 </abstract>
 
-<version>1.2</version>
-<date>2010-04-26</date>
+<version>1.3</version>
+<date>2011-10-14</date>
 
 <chapter>
 <title>SSH keys</title>
 <section>
+<title>Key Handling</title>
+<body>
+<p>
+Your SSH keypair authenticates you to Gentoo Infrastructure. Properly
+handling these keys is vital to keeping our machines safe. Please try to
+follow these guidelines.
+</p>
+
+<ul>
+  <li>Place your keys <b>only</b> on machines you trust. This means only you have root
+    on these machines and they are not shared with other users.
+  </li>
+  <li>Do not trust Gentoo Infrastructure. Do not place copies of your keys
+    on Gentoo machines (like dev.gentoo.org.) You may forward your SSH agent
+    through Gentoo managed machines if they are configured to allow users to
+    agent forward (more on forwarding later.)
+  </li>
+  <li>Encrypt your keys with a strong passphrase. If you have trouble making
+    a passphrase try emerge pwgen; pwgen -sB 25
+  </li>
+  <li>Do not access Gentoo infrastructure from untrusted machines such as business
+    kiosks at hotels, internet cafes, or machines at computer conferences. Many of these machines
+    are infected with malware.</li>
+  <li>If you believe your keys were compromised, contact infrastructure immediately.
+    You can do this via #gentoo-infra on irc.freenode.net or by emailing incidents@gentoo.org.
+  </li>
+</ul>
+</body>
+</section>
+<section>
 <title>Creating the SSH keys</title>
 <body>
 
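
Review bot: In the second <li>, permission to forward your SSH agent through Gentoo-managed machines follows directly after "Do not trust Gentoo Infrastructure" without saying what forwarding exposes: while a forwarded agent is connected, root on the intermediate host can use it to authenticate as you, even though the key file never leaves your machine. State that caveat here rather than deferring to "more on forwarding later". Also, "emerge pwgen; pwgen -sB 25" should be wrapped in <c> as a command, and the full stop in "(like dev.gentoo.org.)" belongs outside the parenthesis.
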
@@ -57,13 +90,14 @@
 
 <note>
 Please be sure to set a strong passphrase on your private key.  Ideally,
-this passphrase should be at least 8 characters and contain a mixture of
+this passphrase should be at least eight characters and contain a mixture of
 letters, numbers and symbols.
 </note>
 
-<p>
-Now wasn't that easy? Let's see what we have created:
-</p>
+<warn>
+Do not set an empty passphrase on your ssh key. If infra finds out this is the
+case; your account will be suspended.
+</warn>
 
 <pre caption="Created files">
 # <i>ls ~/.ssh</i>
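
Review bot: Dropping the "Let's see what we have created:" paragraph leaves the <pre caption="Created files"> listing with no lead-in; it now follows straight after the suspension warning. Keep a neutral one-line introduction before the listing. In the new <warn>, "this is the case; your account" should use a comma, and the <note> above still accepts an eight-character passphrase while the Key Handling list added in this same commit suggests pwgen -sB 25; pick one minimum and state it in both places.
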
@@ -71,20 +105,22 @@
 </pre>
 
 <p>
-You'll probably have more files than this, but the 2 files listed above
+You may have more files than this, but the two files listed above
 are the ones that are really important.
 </p>
 
 <p>
 The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't
-distribute this amongst all people unless you want to get into a fight
-with drobbins (no, you don't want that). 
+give this to anyone; never decrypt it on an untrusted machine. Gentoo Staff
+will never ask you for a copy of your private key.
 </p>
 
 <warn>
-If you have several (<e>trusted!</e>) hosts from which you want to 
-connect to cvs.gentoo.org, you should copy <path>id_dsa</path> to the
-<path>~/.ssh</path> directories on those hosts.
+Be very careful which machines you put your private key on. If you have
+several (<e>trusted!</e>) hosts from which you want to connect to 
+cvs.gentoo.org, you should copy <path>id_dsa</path> to the
+<path>~/.ssh</path> directories on those hosts. Trusted machines are machines
+that only you have root on; these machines are not shared with other users.
 </warn>
 
 <p>
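
Review bot: The rewritten <warn> still tells readers to copy id_dsa to every trusted host, so the loss of any one of those machines compromises the key used on all of them. Consider recommending a separate keypair per host, each with its own passphrase. The definition of a trusted machine in the last sentence repeats the first bullet of the Key Handling list; a reference to that section would keep the two from drifting apart.
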
@@ -114,14 +150,14 @@
 using the following procedure.
 </note>
 
-<p>
+<note>
 For most of the Gentoo infrastructure, we use LDAP to distribute user
 information including SSH public keys. On these machines,
 <path>~/.ssh/authorized_keys</path> should generally not contain your key.
-</p>
+</note>
 
 <p>
-Instead, you should place your public key into LDAP, using
+You should place your public key into LDAP, using
 <path>perl_ldap</path>, or <path>ldapmodify</path> directly.
 The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP
 guide</uri> describes this in more detail.
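
Review bot: Turning the LDAP paragraph into a <note> puts two <note> blocks back to back (the new-developer note closes just above). This text is the explanation the procedure depends on, so it reads better as a <p>; if the intent is to stress that ~/.ssh/authorized_keys should not contain your key, a <warn> around that one sentence would do it.
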
@@ -164,6 +200,10 @@
 should be done on your <e>local</e> machine where you work at the Gentoo CVS.
 </p>
 
+<warn>
+<b>NEVER</b> run keychain or decrypt your private key on an untrusted host.
+</warn>
+
 <pre caption="Add this to .bash_profile">
 keychain ~/.ssh/id_dsa
 . .keychain/<comment>hostname</comment>-sh
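
Review bot: The new <warn> is placed between the paragraph ending "where you work at the Gentoo CVS." and the <pre caption="Add this to .bash_profile"> that paragraph leads into, so the lead-in no longer sits next to its snippet. Move the warning above that paragraph or below the <pre>. "Untrusted host" is also left undefined at this point; point back to the Key Handling definition of a trusted machine.
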






* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Alex Legler (a3li) @ 2013-09-19 19:58 UTC
  To: gentoo-commits

a3li        13/09/19 19:58:58

  Modified:             cvs-sshkeys.xml
  Log:
  redirect to wiki.g.o

Revision  Changes    Path
1.10                 xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.10&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.10&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.9&r2=1.10

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- cvs-sshkeys.xml	6 Jan 2013 18:03:56 -0000	1.9
+++ cvs-sshkeys.xml	19 Sep 2013 19:58:58 -0000	1.10
@@ -2,7 +2,7 @@
 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
-<guide>
+<guide disclaimer="obsolete" redirect="http://wiki.gentoo.org/wiki/Project:Infrastructure/SSH_Key_Guide">
 <title>SSH access to cvs.gentoo.org</title>
 
 <author title="Author">
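
Review bot: The redirect attribute on <guide> points at an http:// URL. For a page whose subject is SSH key handling, prefer an https:// target if the wiki serves one, so readers are not sent to key-handling instructions over an unauthenticated connection.
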





* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Alec Warner (antarus) @ 2013-01-06 18:03 UTC
  To: gentoo-commits

antarus     13/01/06 18:03:56

  Modified:             cvs-sshkeys.xml
  Log:
  Update key guidelines to something recent.

Revision  Changes    Path
1.9                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.9&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.9&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.8&r2=1.9

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- cvs-sshkeys.xml	11 Mar 2012 19:44:22 -0000	1.8
+++ cvs-sshkeys.xml	6 Jan 2013 18:03:56 -0000	1.9
@@ -23,8 +23,8 @@
 for use on cvs.gentoo.org.
 </abstract>
 
-<version>1.3</version>
-<date>2011-10-14</date>
+<version>1.4</version>
+<date>2012-05-28</date>
 
 <chapter>
 <title>SSH keys</title>
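
Review bot: <date> is set to 2012-05-28, but the diff header shows this revision was committed on 6 Jan 2013. If the date is meant to tell readers how current the key guidance is, it should match the commit.
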
@@ -34,7 +34,7 @@
 <p>
 Your SSH keypair authenticates you to Gentoo Infrastructure. Properly
 handling these keys is vital to keeping our machines safe. Please try to
-follow these guidelines.
+follow these guidelines:
 </p>
 
 <ul>
@@ -74,20 +74,21 @@
 </p>
 
 <p>
-Now we are going to create our ssh keys, DSA keys to be exact. Log onto
+Now we are going to create our ssh keys, RSA keys to be exact. The key should
+be at least 2048 bits in length, but 4096 bits is recommended. Log onto
 your computer as the user that you are going to be using when you want
-to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>:
+to access cvs.gentoo.org. Then issue <c>ssh-keygen -t rsa -b 4096</c>:
 </p>
 
 <pre caption="Creating SSH keys">
-$ <i>ssh-keygen -t dsa</i>
-Generating public/private dsa key pair.
-Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment>
+$ <i>ssh-keygen -t rsa -b 4096</i>
+Generating public/private rsa key pair.
+Enter file in which to save the key (/home/temp/.ssh/id_rsa): <comment>(Press enter)</comment>
 Created directory '/home/temp/.ssh'.
 Enter passphrase (empty for no passphrase): <comment>(Enter your passphrase)</comment>
 Enter same passphrase again: <comment>(Enter your passphrase again)</comment>
-Your identification has been saved in /home/temp/.ssh/id_dsa.
-Your public key has been saved in /home/temp/.ssh/id_dsa.pub.
+Your identification has been saved in /home/temp/.ssh/id_rsa.
+Your public key has been saved in /home/temp/.ssh/id_rsa.pub.
 The key fingerprint is:
 85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 user@examplehost <comment>This is the fingerprint of your new key</comment>
 </pre>
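
Review bot: The switch from ssh-keygen -t dsa to ssh-keygen -t rsa -b 4096 gives no guidance for developers who already have a DSA key created from earlier revisions of this guide. Add a sentence saying whether existing DSA keys should be replaced and how the old public key is retired. The prose also allows 2048 bits as a minimum while the only command shown uses 4096; say explicitly that -b sets the key length so readers know which value the recommendation refers to.
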
@@ -105,7 +106,7 @@
 
 <pre caption="Created files">
 # <i>ls ~/.ssh</i>
-id_dsa  id_dsa.pub
+id_rsa  id_rsa.pub
 </pre>
 
 <p>
@@ -114,7 +115,7 @@
 </p>
 
 <p>
-The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't
+The first file, <path>id_rsa</path>, is your <e>private</e> key. Don't
 give this to anyone; never decrypt it on an untrusted machine. Gentoo Staff
 will never ask you for a copy of your private key.
 </p>
@@ -122,13 +123,13 @@
 <warn>
 Be very careful which machines you put your private key on. If you have
 several (<e>trusted!</e>) hosts from which you want to connect to 
-cvs.gentoo.org, you should copy <path>id_dsa</path> to the
+cvs.gentoo.org, you should copy <path>id_rsa</path> to the
 <path>~/.ssh</path> directories on those hosts. Trusted machines are machines
 that only you have root on; these machines are not shared with other users.
 </warn>
 
 <p>
-The second file, <path>id_dsa.pub</path>, is your <e>public</e> key.
+The second file, <path>id_rsa.pub</path>, is your <e>public</e> key.
 Distribute this file amongst all hosts that you want to be able to
 access through SSH pubkey authentification. This file should be appended
 to <path>~/.ssh/authorized_keys</path> on those remote hosts. Also add it
@@ -137,7 +138,7 @@
 </p>
 
 <pre caption="Adding the SSH key to the box">
-$ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i>
+$ <i>cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys</i>
 </pre>
 
 </body>
@@ -168,7 +169,7 @@
 </p>
 
 <pre caption="Adding the SSH key with perl_ldap on dev.gentoo.org">
-$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" &lt;username&gt;</i>
+$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_rsa.pub)" &lt;username&gt;</i>
 </pre>
 
 <warn>
@@ -209,7 +210,7 @@
 </warn>
 
 <pre caption="Add this to .bash_profile">
-keychain ~/.ssh/id_dsa
+keychain ~/.ssh/id_rsa
 . .keychain/<comment>hostname</comment>-sh
 </pre>
 





* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Robin H. Johnson (robbat2) @ 2012-03-11 19:44 UTC
  To: gentoo-commits

robbat2     12/03/11 19:44:22

  Modified:             cvs-sshkeys.xml
  Log:
  Add link to official SSH fingerprints, and clarify that the fingerprint on the page is from the output of ssh-keygen.

Revision  Changes    Path
1.8                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.8&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.8&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.7&r2=1.8

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.7
retrieving revision 1.8
diff -p -w -b -B -u -u -r1.7 -r1.8
--- cvs-sshkeys.xml	14 Oct 2011 07:56:34 -0000	1.7
+++ cvs-sshkeys.xml	11 Mar 2012 19:44:22 -0000	1.8
@@ -38,7 +38,7 @@ follow these guidelines.
 </p>
 
 <ul>
-  <li>Place your keys <b>only</b> on machines you trust. This means only you have root
+  <li>Place your private keys <b>only</b> on machines you trust. This means only you have root
     on these machines and they are not shared with other users.
   </li>
   <li>Do not trust Gentoo Infrastructure. Do not place copies of your keys
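
Review bot: Only the first bullet gains "private"; the next <li> still says "Do not place copies of your keys on Gentoo machines", which read literally also forbids the public key. Use the same wording there ("your private keys") so the two bullets agree.
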
@@ -55,6 +55,10 @@ follow these guidelines.
   <li>If you believe your keys were compromised, contact infrastructure immediately.
     You can do this via #gentoo-infra on irc.freenode.net or by emailing incidents@gentoo.org.
   </li>
+  <li>Official hostkey fingerprints for Gentoo Infrastructure servers are
+    available on the <uri link="/proj/en/infrastructure/server-specs"> server
+    specifications </uri> page.
+  </li>
 </ul>
 </body>
 </section>
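
Review bot: The new <li> links to /proj/en/infrastructure/server-specs without the .xml suffix that other links in this guide carry (for example /proj/en/infrastructure/ldap.xml); confirm the target resolves. The link text also has stray spaces inside <uri> (" server specifications "). It would help to say what the fingerprints are for: compare them with the one ssh displays on first connection before accepting the host key.
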
@@ -85,7 +89,7 @@ Enter same passphrase again: <comment>(E
 Your identification has been saved in /home/temp/.ssh/id_dsa.
 Your public key has been saved in /home/temp/.ssh/id_dsa.pub.
 The key fingerprint is:
-85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra
+85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 user@examplehost <comment>This is the fingerprint of your new key</comment>
 </pre>
 
 <note>
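
Review bot: The fingerprint line now uses the placeholder user@examplehost, but the paths two lines above still read /home/temp/.ssh/id_dsa. Use one placeholder user throughout the listing.
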






* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Joshua Saddler (nightmorph) @ 2010-04-26 19:24 UTC
  To: gentoo-commits

nightmorph    10/04/26 19:24:11

  Modified:             cvs-sshkeys.xml
  Log:
  remove dead keychain project, replace with link to /doc/en/keychain-guide.xml. also went through the whole doc and edited for GuideXML code standards

Revision  Changes    Path
1.6                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.6&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.5&r2=1.6

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- cvs-sshkeys.xml	23 May 2008 02:48:37 -0000	1.5
+++ cvs-sshkeys.xml	26 Apr 2010 19:24:11 -0000	1.6
@@ -1,40 +1,48 @@
 <?xml version='1.0' encoding="UTF-8"?>
 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
-
 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
 
-<guide link = "/proj/en/infrastructure/cvs-sshkeys.xml">
+<guide>
 <title>SSH access to cvs.gentoo.org</title>
+
 <author title="Author">
-    <mail link="swift@gentoo.org">Sven Vermeulen</mail>
+  <mail link="swift"/>
 </author>
 <author title="Author">
-    <mail link="robbat2@gentoo.org">Robin H. Johnson</mail>
+  <mail link="robbat2"/>
+</author>
+<author title="Editor">
+  <mail link="nightmorph"/>
 </author>
+
 <abstract>
 This mini-guide explains on how to create and use ssh-keys, especially
 for use on cvs.gentoo.org.
 </abstract>
-<version>1.1</version>
-<date>2007/12/24</date>
+
+<version>1.2</version>
+<date>2010-04-26</date>
 
 <chapter>
 <title>SSH keys</title>
 <section>
 <title>Creating the SSH keys</title>
 <body>
+
 <p>
 First of all, be physically logged on to your own computer. Make sure
 that no-one will see you typing stuff in, since we are going to type in
 passphrases and such. So get your pepperspray and fight all untrusted
 entities until you are home alone.
 </p>
+
 <p>
 Now we are going to create our ssh keys, DSA keys to be exact. Log onto
 your computer as the user that you are going to be using when you want
 to access cvs.gentoo.org. Then issue <c>ssh-keygen -t dsa</c>:
 </p>
-<pre caption = "Creating SSH keys">
+
+<pre caption="Creating SSH keys">
 $ <i>ssh-keygen -t dsa</i>
 Generating public/private dsa key pair.
 Enter file in which to save the key (/home/temp/.ssh/id_dsa): <comment>(Press enter)</comment>
@@ -46,32 +54,39 @@
 The key fingerprint is:
 85:35:81:a0:87:56:78:a2:da:53:6c:63:32:d1:34:48 temp@Niandra
 </pre>
+
 <note>
 Please be sure to set a strong passphrase on your private key.  Ideally,
 this passphrase should be at least 8 characters and contain a mixture of
 letters, numbers and symbols.
 </note>
+
 <p>
 Now wasn't that easy? Let's see what we have created:
 </p>
-<pre caption = "Created files">
+
+<pre caption="Created files">
 # <i>ls ~/.ssh</i>
 id_dsa  id_dsa.pub
 </pre>
+
 <p>
 You'll probably have more files than this, but the 2 files listed above
 are the ones that are really important.
 </p>
+
 <p>
 The first file, <path>id_dsa</path>, is your <e>private</e> key. Don't
 distribute this amongst all people unless you want to get into a fight
 with drobbins (no, you don't want that). 
 </p>
+
 <warn>
 If you have several (<e>trusted!</e>) hosts from which you want to 
 connect to cvs.gentoo.org, you should copy <path>id_dsa</path> to the
 <path>~/.ssh</path> directories on those hosts.
 </warn>
+
 <p>
 The second file, <path>id_dsa.pub</path>, is your <e>public</e> key.
 Distribute this file amongst all hosts that you want to be able to
@@ -80,64 +95,84 @@
 to your local host so you can connect to that one too if you have several
 boxes.
 </p>
-<pre caption = "Adding the SSH key to the box">
+
+<pre caption="Adding the SSH key to the box">
 $ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys</i>
 </pre>
+
 </body>
 </section>
 <section>
-<title>Installing your public key on a machine using LDAP authentication for SSH</title>
+<title>
+  Installing your public key on a machine using LDAP authentication for SSH
+</title>
 <body>
-<note>If you are a new developer, your recruiter will put your first SSH key
-into LDAP, so that you can login. You can then add any additional SSH keys
-yourself using the following procedure.</note>
+
+<note>
+If you are a new developer, your recruiter will put your first SSH key into
+LDAP, so that you can login. You can then add any additional SSH keys yourself
+using the following procedure.
+</note>
+
 <p>
 For most of the Gentoo infrastructure, we use LDAP to distribute user
 information including SSH public keys. On these machines,
 <path>~/.ssh/authorized_keys</path> should generally not contain your key.
 </p>
+
 <p>
 Instead, you should place your public key into LDAP, using
 <path>perl_ldap</path>, or <path>ldapmodify</path> directly.
 The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP
 guide</uri> describes this in more detail.
 </p>
-<pre caption = "Adding the SSH key with perl_ldap on dev.gentoo.org">
+
+<pre caption="Adding the SSH key with perl_ldap on dev.gentoo.org">
 $ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" &lt;username&gt;</i>
 </pre>
-<warn>Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!</warn>
+
+<warn>
+Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!
+</warn>
+
 </body>
 </section>
 <section>
 <title>Using keychain</title>
 <body>
+
 <p>
 Every time you want to log on to a remote host using SSH public key
 authentification, you will be asked to enter your passphrase. As much as
-everybody likes typing, too much is sometimes too much. Luckily,
-there is <c>keychain</c> to the rescue. There is an document on this 
-one <uri link="/proj/en/keychain.xml">here</uri>, 
-but I'll give you a quick introduction.
+everybody likes typing, too much is sometimes too much. Luckily, there is
+<c>keychain</c> to the rescue. There is an document on this one <uri
+link="/doc/en/keychain-guide.xml">here</uri>, but I'll give you a quick
+introduction.
 </p>
+
 <p>
 First, install <c>keychain</c>:
 </p>
-<pre caption = "Installing keychain">
+
+<pre caption="Installing keychain">
 # <i>emerge keychain</i>
 </pre>
+
 <p>
-Now have keychain load up your private ssh key when you log on to your
-local box. To do so, add the following to <path>~/.bash_profile</path>.
-Again, this should be done on your <e>local</e> machine where you work
-at the Gentoo CVS.
+Now have keychain load up your private ssh key when you log on to your local
+box. To do so, add the following to <path>~/.bash_profile</path>.  Again, this
+should be done on your <e>local</e> machine where you work at the Gentoo CVS.
 </p>
-<pre caption = "Add this to .bash_profile">
+
+<pre caption="Add this to .bash_profile">
 keychain ~/.ssh/id_dsa
 . .keychain/<comment>hostname</comment>-sh
 </pre>
+
 <p>
 Be sure to substitute <c>hostname</c> with your hostname.
 </p>
+
 </body>
 </section>
 </chapter>
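
Review bot: This pass is described as a GuideXML standards cleanup, yet the reflowed keychain paragraph keeps "There is an document" and "authentification", and the body of the sshPublicKey <warn> is still a single over-long line. Fix those while the lines are being touched. The one functional change, the link moving from /proj/en/keychain.xml to /doc/en/keychain-guide.xml, is hard to spot among the whitespace edits; a separate commit would make it reviewable.
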






* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Robin H. Johnson (robbat2) @ 2008-05-23  2:48 UTC
  To: gentoo-commits

robbat2     08/05/23 02:48:37

  Modified:             cvs-sshkeys.xml
  Log:
  Add note about SSH keys being added by recruiters per bug 220685

Revision  Changes    Path
1.5                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.4&r2=1.5

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -p -w -b -B -u -u -r1.4 -r1.5
--- cvs-sshkeys.xml	24 Dec 2007 09:21:44 -0000	1.4
+++ cvs-sshkeys.xml	23 May 2008 02:48:37 -0000	1.5
@@ -88,6 +88,9 @@ $ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/aut
 <section>
 <title>Installing your public key on a machine using LDAP authentication for SSH</title>
 <body>
+<note>If you are a new developer, your recruiter will put your first SSH key
+into LDAP, so that you can login. You can then add any additional SSH keys
+yourself using the following procedure.</note>
 <p>
 For most of the Gentoo infrastructure, we use LDAP to distribute user
 information including SSH public keys. On these machines,
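
Review bot: The new <note> refers to "the following procedure" before the section has explained that keys are distributed through LDAP; placing it after the introductory <p> would read in order. "so that you can login" should be "log in" (verb).
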



-- 
gentoo-commits@lists.gentoo.org mailing list



* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: cvs-sshkeys.xml
From: Robin H. Johnson (robbat2) @ 2007-12-24  9:21 UTC
  To: gentoo-commits

robbat2     07/12/24 09:21:44

  Modified:             cvs-sshkeys.xml
  Log:
  Update the old SSH key doc for LDAP.

Revision  Changes    Path
1.4                  xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml?r1=1.3&r2=1.4

Index: cvs-sshkeys.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/cvs-sshkeys.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -p -w -b -B -u -u -r1.3 -r1.4
--- cvs-sshkeys.xml	5 Jul 2007 03:49:56 -0000	1.3
+++ cvs-sshkeys.xml	24 Dec 2007 09:21:44 -0000	1.4
@@ -8,12 +8,15 @@
 <author title="Author">
     <mail link="swift@gentoo.org">Sven Vermeulen</mail>
 </author>
+<author title="Author">
+    <mail link="robbat2@gentoo.org">Robin H. Johnson</mail>
+</author>
 <abstract>
 This mini-guide explains on how to create and use ssh-keys, especially
 for use on cvs.gentoo.org.
 </abstract>
-<version>1.0</version>
-<date>3rd of July, 2003</date>
+<version>1.1</version>
+<date>2007/12/24</date>
 
 <chapter>
 <title>SSH keys</title>
@@ -83,6 +86,26 @@ $ <i>cat ~/.ssh/id_dsa.pub >> ~/.ssh/aut
 </body>
 </section>
 <section>
+<title>Installing your public key on a machine using LDAP authentication for SSH</title>
+<body>
+<p>
+For most of the Gentoo infrastructure, we use LDAP to distribute user
+information including SSH public keys. On these machines,
+<path>~/.ssh/authorized_keys</path> should generally not contain your key.
+</p>
+<p>
+Instead, you should place your public key into LDAP, using
+<path>perl_ldap</path>, or <path>ldapmodify</path> directly.
+The Infrastructure <uri link="/proj/en/infrastructure/ldap.xml">LDAP
+guide</uri> describes this in more detail.
+</p>
+<pre caption = "Adding the SSH key with perl_ldap on dev.gentoo.org">
+$ <i>perl_ldap -b user -C sshPublicKey "$(cat ~/.ssh/id_dsa.pub)" &lt;username&gt;</i>
+</pre>
+<warn>Each <path>sshPublicKey</path> attribute must contain exactly one public key. If you have multiple public keys, you must have multiple attributes!</warn>
+</body>
+</section>
+<section>
 <title>Using keychain</title>
 <body>
 <p>
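
Review bot: The perl_ldap example does not say whether it adds an sshPublicKey attribute or replaces the existing one, and the <warn> requires one attribute per key without showing how a second key is added. Document that, since replacing instead of adding would drop a key that is still in use. The new section also says ~/.ssh/authorized_keys should generally not contain your key, while the preceding section ends by appending the key to that file; a sentence on which hosts each instruction applies to would resolve the apparent conflict.
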
@@ -90,7 +113,7 @@ Every time you want to log on to a remot
 authentification, you will be asked to enter your passphrase. As much as
 everybody likes typing, too much is sometimes too much. Luckily,
 there is <c>keychain</c> to the rescue. There is an document on this 
-one <uri link="http://www.gentoo.org/proj/en/keychain.xml">here</uri>, 
+one <uri link="/proj/en/keychain.xml">here</uri>, 
 but I'll give you a quick introduction.
 </p>
 <p>



-- 
gentoo-commits@gentoo.org mailing list



