[deployment-guide/comm-rel: 31/41] Moved the Generating Key Pairs section.
dsilas
dsilas at fedoraproject.org
Fri Jul 16 08:54:30 UTC 2010
commit 1b05fc13eb5d7434c0fbf3f9ceb5b270d1d3f0f2
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Wed Jul 14 16:55:09 2010 +0200
Moved the Generating Key Pairs section.
en-US/OpenSSH.xml | 564 ++++++++++++++++++++++++++--------------------------
1 files changed, 282 insertions(+), 282 deletions(-)
---
diff --git a/en-US/OpenSSH.xml b/en-US/OpenSSH.xml
index 2434096..a464cb2 100644
--- a/en-US/OpenSSH.xml
+++ b/en-US/OpenSSH.xml
@@ -510,7 +510,7 @@ It is also possible that the RSA host key has just been changed.</screen>
To prevent this, you can backup the relevant files from the <filename class="directory">/etc/ssh/</filename> directory (see <xref linkend="table-ssh-configuration-configs-system" /> for a complete list), and restore them whenever you reinstall the system.
</para>
</section>
- <section id="s2-ssh-requiring">
+ <section id="s2-ssh-configuration-requiring">
<title>Requiring SSH for Remote Connections</title>
<indexterm>
<primary>SSH protocol</primary>
@@ -534,6 +534,287 @@ It is also possible that the RSA host key has just been changed.</screen>
For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />.
</para>
</section>
+ <section id="s2-ssh-configuration-keypairs">
+ <title>Generating Key Pairs</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>generating key pairs</secondary>
+ </indexterm>
+ <para>
+ If you do not want to enter your password every time you use <command>ssh</command>, <command>scp</command>, or <command>sftp</command> to connect to a remote machine, you can generate an authorization key pair.
+ </para>
+ <para>
+ Keys must be generated for each user. To generate keys for a user, use the following steps as the user who wants to connect to remote machines. If you complete the steps as root, only root will be able to use the keys.
+ </para>
+ <para>
+ Starting with OpenSSH version 3.0, <filename>~/.ssh/authorized_keys2</filename>, <filename>~/.ssh/known_hosts2</filename>, and <filename>/etc/ssh_known_hosts2</filename> are obsolete. SSH Protocol 1 and 2 share the <filename>~/.ssh/authorized_keys</filename>, <filename>~/.ssh/known_hosts</filename>, and <filename>/etc/ssh/ssh_known_hosts</filename> files.
+ </para>
+ <para>
+ &MAJOROSVER; uses SSH Protocol 2 and RSA keys by default.
+ </para>
+ <note>
+ <title>Tip</title>
+ <para>
+ If you reinstall and want to save your generated key pair, backup the <filename>.ssh</filename> directory in your home directory. After reinstalling, copy this directory back to your home directory. This process can be done for all users on your system, including root.
+ </para>
+ </note>
+ <section id="s3-openssh-rsa-keys-v2">
+ <title>Generating an RSA Key Pair for Version 2</title>
+ <indexterm>
+ <primary>RSA keys</primary>
+ <secondary>generating</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>RSA keys</secondary>
+ <tertiary>generating</tertiary>
+ </indexterm>
+ <para>
+ Use the following steps to generate an RSA key pair for version 2 of the SSH protocol. This is the default starting with OpenSSH 2.9.
+ </para>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>ssh-keygen</secondary>
+ <tertiary>RSA</tertiary>
+ </indexterm>
+ <orderedlist continuation="restarts" inheritnum="ignore">
+ <listitem>
+ <para>
+ To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:
+ </para>
+ <screen>ssh-keygen -t rsa</screen>
+ <para>
+ Accept the default file location of <filename>~/.ssh/id_rsa</filename>. Enter a passphrase different from your account password and confirm it by entering it again.
+ </para>
+ <para>
+ The public key is written to <filename>~/.ssh/id_rsa.pub</filename>. The private key is written to <filename>~/.ssh/id_rsa</filename>. Never distribute your private key to anyone.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change the permissions of the <filename>.ssh</filename> directory using the following command:
+ </para>
+ <screen>chmod 755 ~/.ssh</screen>
+ </listitem>
+ <listitem>
+ <para>
+ Copy the contents of <filename>~/.ssh/id_rsa.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect. If the file <filename>~/.ssh/authorized_keys</filename> exist, append the contents of the file <filename>~/.ssh/id_rsa.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the other machine.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change the permissions of the <filename>authorized_keys</filename> file using the following command:
+ </para>
+ <screen>chmod 644 ~/.ssh/authorized_keys</screen>
+ </listitem>
+ <listitem>
+ <para>
+ If you are running GNOME or are running in a graphical desktop with GTK2+ libraries installed, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running the X Window System, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
+ </para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="s3-openssh-dsa-key">
+ <title>Generating a DSA Key Pair for Version 2</title>
+ <indexterm>
+ <primary>DSA keys</primary>
+ <secondary>generating</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>DSA keys</secondary>
+ <tertiary>generating</tertiary>
+ </indexterm>
+ <para>
+ Use the following steps to generate a DSA key pair for version 2 of the SSH Protocol.
+ </para>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>ssh-keygen</secondary>
+ <tertiary>DSA</tertiary>
+ </indexterm>
+ <orderedlist continuation="restarts" inheritnum="ignore">
+ <listitem>
+ <para>
+ To generate a DSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:
+ </para>
+ <screen>ssh-keygen -t dsa</screen>
+ <para>
+ Accept the default file location of <filename>~/.ssh/id_dsa</filename>. Enter a passphrase different from your account password and confirm it by entering it again.
+ </para>
+ <note>
+ <title>Tip</title>
+ <para>
+ A passphrase is a string of words and characters used to authenticate a user. Passphrases differ from passwords in that you can use spaces or tabs in the passphrase. Passphrases are generally longer than passwords because they are usually phrases instead of a single word.
+ </para>
+ </note>
+ <para>
+ The public key is written to <filename>~/.ssh/id_dsa.pub</filename>. The private key is written to <filename>~/.ssh/id_dsa</filename>. It is important never to give anyone the private key.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change the permissions of the <filename>.ssh</filename> directory with the following command:
+ </para>
+ <screen>chmod 755 ~/.ssh</screen>
+ </listitem>
+ <listitem>
+ <para>
+ Copy the contents of <filename>~/.ssh/id_dsa.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect. If the file <filename>~/.ssh/authorized_keys</filename> exist, append the contents of the file <filename>~/.ssh/id_dsa.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the other machine.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change the permissions of the <filename>authorized_keys</filename> file using the following command:
+ </para>
+ <screen>chmod 644 ~/.ssh/authorized_keys</screen>
+ </listitem>
+ <listitem>
+ <para>
+ If you are running GNOME or a graphical desktop environment with the GTK2+ libraries installed, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running the X Window System, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
+ </para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="s3-openssh-rsa-keys-v1">
+ <title>Generating an RSA Key Pair for Version 1.3 and 1.5</title>
+ <indexterm>
+ <primary>RSA Version 1 keys</primary>
+ <secondary>generating</secondary>
+ </indexterm>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>RSA Version 1 keys</secondary>
+ <tertiary>generating</tertiary>
+ </indexterm>
+ <para>
+ Use the following steps to generate an RSA key pair, which is used by version 1 of the SSH Protocol. If you are only connecting between systems that use DSA, you do not need an RSA version 1.3 or RSA version 1.5 key pair.
+ </para>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>ssh-keygen</secondary>
+ <tertiary>RSA Version 1</tertiary>
+ </indexterm>
+ <orderedlist continuation="restarts" inheritnum="ignore">
+ <listitem>
+ <para>
+ To generate an RSA (for version 1.3 and 1.5 protocol) key pair, type the following command at a shell prompt:
+ </para>
+ <screen>ssh-keygen -t rsa1</screen>
+ <para>
+ Accept the default file location (<filename>~/.ssh/identity</filename>). Enter a passphrase different from your account password. Confirm the passphrase by entering it again.
+ </para>
+ <para>
+ The public key is written to <filename>~/.ssh/identity.pub</filename>. The private key is written to <filename>~/.ssh/identity</filename>. Do not give anyone the private key.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change the permissions of your <filename>.ssh</filename> directory and your key with the commands <command>chmod 755 ~/.ssh</command> and <command>chmod 644 ~/.ssh/identity.pub</command>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Copy the contents of <filename>~/.ssh/identity.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you wish to connect. If the file <filename>~/.ssh/authorized_keys</filename> does not exist, you can copy the file <filename>~/.ssh/identity.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the remote machine.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ If you are running GNOME, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running GNOME, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
+ </para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="s3-openssh-ssh-agent-with-gnome">
+ <title>Configuring <command>ssh-agent</command> with a GUI</title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>
+ <command>ssh-agent</command>
+ </secondary>
+ <tertiary>with GNOME</tertiary>
+ </indexterm>
+ <indexterm>
+ <primary>
+ <command>ssh-agent</command>
+ </primary>
+ <secondary>with GNOME</secondary>
+ </indexterm>
+ <para>
+ The <command>ssh-agent</command> utility can be used to save your passphrase so that you do not have to enter it each time you initiate an <command>ssh</command> or <command>scp</command> connection. If you are using GNOME, the <command>gnome-ssh-askpass</command> package contains the application used to prompt you for your passphrase when you log in to GNOME and save it until you log out of GNOME. You will not have to enter your password or passphrase for any <command>ssh</command> or <command>scp</command> connection made during that GNOME session. If you are not using GNOME, refer to <xref linkend="s3-openssh-config-ssh-agent" />.
+ </para>
+ <para>
+ To save your passphrase during your GNOME session, follow the following steps:
+ </para>
+ <orderedlist continuation="restarts" inheritnum="ignore">
+ <listitem>
+ <para>
+ You will need to have the package <filename>gnome-ssh-askpass</filename> installed; you can use the command <command>rpm -q openssh-askpass</command> to determine if it is installed or not. If it is not installed, install it from your &MAJOROS; CD-ROM set, from a Red Hat FTP mirror site, or using Red Hat Network.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Select <guimenu>Main Menu Button</guimenu> (on the Panel) > <guimenuitem>Preferences</guimenuitem> > <guimenuitem>More Preferences</guimenuitem> > <guilabel>Sessions</guilabel>, and click on the <guilabel>Startup Programs</guilabel> tab. Click <guibutton>Add</guibutton> and enter <userinput>/usr/bin/ssh-add</userinput> in the <guilabel>Startup Command</guilabel> text area. Set it a priority to a number higher than any existing commands to ensure that it is executed last. A good priority number for <command>ssh-add</command> is 70 or higher. The higher the priority number, the lower the priority. If you have other programs listed, this one should have the lowest priority. Click <guibutton>Close</guibutton> to exit the program.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Log out and then log back into GNOME; in other words, restart X. After GNOME is started, a dialog box will appear prompting you for your passphrase(s). Enter the passphrase requested. If you have both DSA and RSA key pairs configured, you will be prompted for both. From this point on, you should not be prompted for a password by <command>ssh</command>, <command>scp</command>, or <command>sftp</command>.
+ </para>
+ </listitem>
+ </orderedlist>
+ </section>
+ <section id="s3-openssh-config-ssh-agent">
+ <title>Configuring <command>ssh-agent</command></title>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>
+ <command>ssh-agent</command>
+ </secondary>
+ </indexterm>
+ <indexterm>
+ <primary>
+ <command>ssh-agent</command>
+ </primary>
+ </indexterm>
+ <para>
+ The <command>ssh-agent</command> can be used to store your passphrase so that you do not have to enter it each time you make a <command>ssh</command> or <command>scp</command> connection. If you are not running the X Window System, follow these steps from a shell prompt. If you are running GNOME but you do not want to configure it to prompt you for your passphrase when you log in (refer to <xref linkend="s3-openssh-ssh-agent-with-gnome" />), this procedure will work in a terminal window, such as an XTerm. If you are running X but not GNOME, this procedure will work in a terminal window. However, your passphrase will only be remembered for that terminal window; it is not a global setting.
+ </para>
+ <indexterm>
+ <primary>OpenSSH</primary>
+ <secondary>
+ <command>ssh-add</command>
+ </secondary>
+ </indexterm>
+ <indexterm>
+ <primary>
+ <command>ssh-add</command>
+ </primary>
+ </indexterm>
+ <orderedlist continuation="restarts" inheritnum="ignore">
+ <listitem id="nox">
+ <para>
+ At a shell prompt, type the following command:
+ </para>
+ <screen>exec /usr/bin/ssh-agent $SHELL</screen>
+ </listitem>
+ <listitem>
+ <para>
+ Then type the command:
+ </para>
+ <screen>ssh-add</screen>
+ <para>
+ and enter your passphrase(s). If you have more than one key pair configured, you will be prompted for each one.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ When you log out, your passphrase(s) will be forgotten. You must execute these two commands each time you log in to a virtual console or open a terminal window.
+ </para>
+ </listitem>
+ </orderedlist>
+ </section>
+ </section>
</section>
<section id="s1-ssh-clients">
<title>OpenSSH Clients</title>
@@ -838,287 +1119,6 @@ john at penguin.example.com's password:</screen>
</para>
</important>
</section>
- <section id="s2-openssh-generate-keypairs">
- <title>Generating Key Pairs</title>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>generating key pairs</secondary>
- </indexterm>
- <para>
- If you do not want to enter your password every time you use <command>ssh</command>, <command>scp</command>, or <command>sftp</command> to connect to a remote machine, you can generate an authorization key pair.
- </para>
- <para>
- Keys must be generated for each user. To generate keys for a user, use the following steps as the user who wants to connect to remote machines. If you complete the steps as root, only root will be able to use the keys.
- </para>
- <para>
- Starting with OpenSSH version 3.0, <filename>~/.ssh/authorized_keys2</filename>, <filename>~/.ssh/known_hosts2</filename>, and <filename>/etc/ssh_known_hosts2</filename> are obsolete. SSH Protocol 1 and 2 share the <filename>~/.ssh/authorized_keys</filename>, <filename>~/.ssh/known_hosts</filename>, and <filename>/etc/ssh/ssh_known_hosts</filename> files.
- </para>
- <para>
- &MAJOROSVER; uses SSH Protocol 2 and RSA keys by default.
- </para>
- <note>
- <title>Tip</title>
- <para>
- If you reinstall and want to save your generated key pair, backup the <filename>.ssh</filename> directory in your home directory. After reinstalling, copy this directory back to your home directory. This process can be done for all users on your system, including root.
- </para>
- </note>
- <section id="s3-openssh-rsa-keys-v2">
- <title>Generating an RSA Key Pair for Version 2</title>
- <indexterm>
- <primary>RSA keys</primary>
- <secondary>generating</secondary>
- </indexterm>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>RSA keys</secondary>
- <tertiary>generating</tertiary>
- </indexterm>
- <para>
- Use the following steps to generate an RSA key pair for version 2 of the SSH protocol. This is the default starting with OpenSSH 2.9.
- </para>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>ssh-keygen</secondary>
- <tertiary>RSA</tertiary>
- </indexterm>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem>
- <para>
- To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:
- </para>
- <screen>ssh-keygen -t rsa</screen>
- <para>
- Accept the default file location of <filename>~/.ssh/id_rsa</filename>. Enter a passphrase different from your account password and confirm it by entering it again.
- </para>
- <para>
- The public key is written to <filename>~/.ssh/id_rsa.pub</filename>. The private key is written to <filename>~/.ssh/id_rsa</filename>. Never distribute your private key to anyone.
- </para>
- </listitem>
- <listitem>
- <para>
- Change the permissions of the <filename>.ssh</filename> directory using the following command:
- </para>
- <screen>chmod 755 ~/.ssh</screen>
- </listitem>
- <listitem>
- <para>
- Copy the contents of <filename>~/.ssh/id_rsa.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect. If the file <filename>~/.ssh/authorized_keys</filename> exist, append the contents of the file <filename>~/.ssh/id_rsa.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the other machine.
- </para>
- </listitem>
- <listitem>
- <para>
- Change the permissions of the <filename>authorized_keys</filename> file using the following command:
- </para>
- <screen>chmod 644 ~/.ssh/authorized_keys</screen>
- </listitem>
- <listitem>
- <para>
- If you are running GNOME or are running in a graphical desktop with GTK2+ libraries installed, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running the X Window System, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
- </para>
- </listitem>
- </orderedlist>
- </section>
- <section id="s3-openssh-dsa-key">
- <title>Generating a DSA Key Pair for Version 2</title>
- <indexterm>
- <primary>DSA keys</primary>
- <secondary>generating</secondary>
- </indexterm>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>DSA keys</secondary>
- <tertiary>generating</tertiary>
- </indexterm>
- <para>
- Use the following steps to generate a DSA key pair for version 2 of the SSH Protocol.
- </para>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>ssh-keygen</secondary>
- <tertiary>DSA</tertiary>
- </indexterm>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem>
- <para>
- To generate a DSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:
- </para>
- <screen>ssh-keygen -t dsa</screen>
- <para>
- Accept the default file location of <filename>~/.ssh/id_dsa</filename>. Enter a passphrase different from your account password and confirm it by entering it again.
- </para>
- <note>
- <title>Tip</title>
- <para>
- A passphrase is a string of words and characters used to authenticate a user. Passphrases differ from passwords in that you can use spaces or tabs in the passphrase. Passphrases are generally longer than passwords because they are usually phrases instead of a single word.
- </para>
- </note>
- <para>
- The public key is written to <filename>~/.ssh/id_dsa.pub</filename>. The private key is written to <filename>~/.ssh/id_dsa</filename>. It is important never to give anyone the private key.
- </para>
- </listitem>
- <listitem>
- <para>
- Change the permissions of the <filename>.ssh</filename> directory with the following command:
- </para>
- <screen>chmod 755 ~/.ssh</screen>
- </listitem>
- <listitem>
- <para>
- Copy the contents of <filename>~/.ssh/id_dsa.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect. If the file <filename>~/.ssh/authorized_keys</filename> exist, append the contents of the file <filename>~/.ssh/id_dsa.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the other machine.
- </para>
- </listitem>
- <listitem>
- <para>
- Change the permissions of the <filename>authorized_keys</filename> file using the following command:
- </para>
- <screen>chmod 644 ~/.ssh/authorized_keys</screen>
- </listitem>
- <listitem>
- <para>
- If you are running GNOME or a graphical desktop environment with the GTK2+ libraries installed, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running the X Window System, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
- </para>
- </listitem>
- </orderedlist>
- </section>
- <section id="s3-openssh-rsa-keys-v1">
- <title>Generating an RSA Key Pair for Version 1.3 and 1.5</title>
- <indexterm>
- <primary>RSA Version 1 keys</primary>
- <secondary>generating</secondary>
- </indexterm>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>RSA Version 1 keys</secondary>
- <tertiary>generating</tertiary>
- </indexterm>
- <para>
- Use the following steps to generate an RSA key pair, which is used by version 1 of the SSH Protocol. If you are only connecting between systems that use DSA, you do not need an RSA version 1.3 or RSA version 1.5 key pair.
- </para>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>ssh-keygen</secondary>
- <tertiary>RSA Version 1</tertiary>
- </indexterm>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem>
- <para>
- To generate an RSA (for version 1.3 and 1.5 protocol) key pair, type the following command at a shell prompt:
- </para>
- <screen>ssh-keygen -t rsa1</screen>
- <para>
- Accept the default file location (<filename>~/.ssh/identity</filename>). Enter a passphrase different from your account password. Confirm the passphrase by entering it again.
- </para>
- <para>
- The public key is written to <filename>~/.ssh/identity.pub</filename>. The private key is written to <filename>~/.ssh/identity</filename>. Do not give anyone the private key.
- </para>
- </listitem>
- <listitem>
- <para>
- Change the permissions of your <filename>.ssh</filename> directory and your key with the commands <command>chmod 755 ~/.ssh</command> and <command>chmod 644 ~/.ssh/identity.pub</command>.
- </para>
- </listitem>
- <listitem>
- <para>
- Copy the contents of <filename>~/.ssh/identity.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you wish to connect. If the file <filename>~/.ssh/authorized_keys</filename> does not exist, you can copy the file <filename>~/.ssh/identity.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the remote machine.
- </para>
- </listitem>
- <listitem>
- <para>
- If you are running GNOME, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running GNOME, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
- </para>
- </listitem>
- </orderedlist>
- </section>
- <section id="s3-openssh-ssh-agent-with-gnome">
- <title>Configuring <command>ssh-agent</command> with a GUI</title>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>
- <command>ssh-agent</command>
- </secondary>
- <tertiary>with GNOME</tertiary>
- </indexterm>
- <indexterm>
- <primary>
- <command>ssh-agent</command>
- </primary>
- <secondary>with GNOME</secondary>
- </indexterm>
- <para>
- The <command>ssh-agent</command> utility can be used to save your passphrase so that you do not have to enter it each time you initiate an <command>ssh</command> or <command>scp</command> connection. If you are using GNOME, the <command>gnome-ssh-askpass</command> package contains the application used to prompt you for your passphrase when you log in to GNOME and save it until you log out of GNOME. You will not have to enter your password or passphrase for any <command>ssh</command> or <command>scp</command> connection made during that GNOME session. If you are not using GNOME, refer to <xref linkend="s3-openssh-config-ssh-agent" />.
- </para>
- <para>
- To save your passphrase during your GNOME session, follow the following steps:
- </para>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem>
- <para>
- You will need to have the package <filename>gnome-ssh-askpass</filename> installed; you can use the command <command>rpm -q openssh-askpass</command> to determine if it is installed or not. If it is not installed, install it from your &MAJOROS; CD-ROM set, from a Red Hat FTP mirror site, or using Red Hat Network.
- </para>
- </listitem>
- <listitem>
- <para>
- Select <guimenu>Main Menu Button</guimenu> (on the Panel) > <guimenuitem>Preferences</guimenuitem> > <guimenuitem>More Preferences</guimenuitem> > <guilabel>Sessions</guilabel>, and click on the <guilabel>Startup Programs</guilabel> tab. Click <guibutton>Add</guibutton> and enter <userinput>/usr/bin/ssh-add</userinput> in the <guilabel>Startup Command</guilabel> text area. Set it a priority to a number higher than any existing commands to ensure that it is executed last. A good priority number for <command>ssh-add</command> is 70 or higher. The higher the priority number, the lower the priority. If you have other programs listed, this one should have the lowest priority. Click <guibutton>Close</guibutton> to exit the program.
- </para>
- </listitem>
- <listitem>
- <para>
- Log out and then log back into GNOME; in other words, restart X. After GNOME is started, a dialog box will appear prompting you for your passphrase(s). Enter the passphrase requested. If you have both DSA and RSA key pairs configured, you will be prompted for both. From this point on, you should not be prompted for a password by <command>ssh</command>, <command>scp</command>, or <command>sftp</command>.
- </para>
- </listitem>
- </orderedlist>
- </section>
- <section id="s3-openssh-config-ssh-agent">
- <title>Configuring <command>ssh-agent</command></title>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>
- <command>ssh-agent</command>
- </secondary>
- </indexterm>
- <indexterm>
- <primary>
- <command>ssh-agent</command>
- </primary>
- </indexterm>
- <para>
- The <command>ssh-agent</command> can be used to store your passphrase so that you do not have to enter it each time you make a <command>ssh</command> or <command>scp</command> connection. If you are not running the X Window System, follow these steps from a shell prompt. If you are running GNOME but you do not want to configure it to prompt you for your passphrase when you log in (refer to <xref linkend="s3-openssh-ssh-agent-with-gnome" />), this procedure will work in a terminal window, such as an XTerm. If you are running X but not GNOME, this procedure will work in a terminal window. However, your passphrase will only be remembered for that terminal window; it is not a global setting.
- </para>
- <indexterm>
- <primary>OpenSSH</primary>
- <secondary>
- <command>ssh-add</command>
- </secondary>
- </indexterm>
- <indexterm>
- <primary>
- <command>ssh-add</command>
- </primary>
- </indexterm>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem id="nox">
- <para>
- At a shell prompt, type the following command:
- </para>
- <screen>exec /usr/bin/ssh-agent $SHELL</screen>
- </listitem>
- <listitem>
- <para>
- Then type the command:
- </para>
- <screen>ssh-add</screen>
- <para>
- and enter your passphrase(s). If you have more than one key pair configured, you will be prompted for each one.
- </para>
- </listitem>
- <listitem>
- <para>
- When you log out, your passphrase(s) will be forgotten. You must execute these two commands each time you log in to a virtual console or open a terminal window.
- </para>
- </listitem>
- </orderedlist>
- </section>
- </section>
</section>
<section id="s1-openssh-additional-resources">
<title>Additional Resources</title>
More information about the docs-commits
mailing list