[deployment-guide/comm-rel: 34/41] Updated the Generating an RSA Key Pair for SSH2 section.
dsilas
dsilas at fedoraproject.org
Fri Jul 16 08:54:45 UTC 2010
commit bda701bf1c15d0b3b7158f5a9ec37ce4eb68a3f5
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Wed Jul 14 20:17:47 2010 +0200
Updated the Generating an RSA Key Pair for SSH2 section.
Please excuse the temporary creation of that blank subsection; this is
just a quick and dirty solution to make cross-referencing easier. I will
fix it once I am done with all those key pairs.
Does anyone read these messages at all?
en-US/OpenSSH.xml | 79 ++++++++++++++++++++++++++++++++++++-----------------
1 files changed, 54 insertions(+), 25 deletions(-)
---
diff --git a/en-US/OpenSSH.xml b/en-US/OpenSSH.xml
index 4c9956c..22fb29d 100644
--- a/en-US/OpenSSH.xml
+++ b/en-US/OpenSSH.xml
@@ -556,9 +556,9 @@ It is also possible that the RSA host key has just been changed.</screen>
</para>
</note>
<para>
- &MAJOROSVER; uses SSH Protocol 2 and RSA keys by default.
+ &MAJOROSVER; uses SSH Protocol 2 and RSA keys by default (see <xref linkend="s2-ssh-versions" /> for more information).
</para>
- <section id="s3-openssh-rsa-keys-v2">
+ <section id="s3-ssh-configuration-keypairs-rsa2">
<title>Generating an RSA Key Pair for Version 2</title>
<indexterm>
<primary>RSA keys</primary>
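Review bot: The id change on the <section> line (s3-openssh-rsa-keys-v2 to s3-ssh-configuration-keypairs-rsa2) will break any xref whose linkend still names the old id, and the diffstat shows only en-US/OpenSSH.xml being touched, so references from other files are not updated here. Please search the book for the old id before this lands. The new name also departs from the s3-openssh- prefix still used by the neighbouring sections visible in this patch (s3-openssh-dsa-key, s3-openssh-ssh-agent-with-gnome); either rename those in the same series or state the intended scheme in the commit message.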
@@ -570,49 +570,72 @@ It is also possible that the RSA host key has just been changed.</screen>
<tertiary>generating</tertiary>
</indexterm>
<para>
- Use the following steps to generate an RSA key pair for version 2 of the SSH protocol. This is the default starting with OpenSSH 2.9.
+ To generate an RSA key pair for version 2 of the SSH protocol, follow these steps:
</para>
<indexterm>
<primary>OpenSSH</primary>
<secondary>ssh-keygen</secondary>
<tertiary>RSA</tertiary>
</indexterm>
- <orderedlist continuation="restarts" inheritnum="ignore">
- <listitem>
+ <procedure>
+ <step>
<para>
- To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt:
+ Generate an RSA key pair by typing the following at a shell prompt:
</para>
- <screen>ssh-keygen -t rsa</screen>
+ <screen>~]$ <command>ssh-keygen -t rsa</command>
+Generating public/private rsa key pair.
+Enter file in which to save the key (/home/john/.ssh/id_rsa):</screen>
+ </step>
+ <step>
<para>
- Accept the default file location of <filename>~/.ssh/id_rsa</filename>. Enter a passphrase different from your account password and confirm it by entering it again.
+ Press <keycap>Enter</keycap> to confirm the default location (that is, <filename>~/.ssh/id_rsa</filename>) for the newly created key.
</para>
+ </step>
+ <step>
<para>
- The public key is written to <filename>~/.ssh/id_rsa.pub</filename>. The private key is written to <filename>~/.ssh/id_rsa</filename>. Never distribute your private key to anyone.
+ Enter a passphrase, and confirm it by entering it again when prompted to do so. For security reasons, avoid using the same password as you use to log in to your account.
</para>
- </listitem>
- <listitem>
<para>
- Change the permissions of the <filename>.ssh</filename> directory using the following command:
+ After this, you will be presented with a message similar to this:
</para>
- <screen>chmod 755 ~/.ssh</screen>
- </listitem>
- <listitem>
+ <screen>Your identification has been saved in /home/john/.ssh/id_rsa.
+Your public key has been saved in /home/john/.ssh/id_rsa.pub.
+The key fingerprint is:
+e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 john at penguin.example.com
+The key's randomart image is:
++--[ RSA 2048]----+
+| E. |
+| . . |
+| o . |
+| . .|
+| S . . |
+| + o o ..|
+| * * +oo|
+| O +..=|
+| o* o.|
++-----------------+</screen>
+ </step>
+ <step>
<para>
- Copy the contents of <filename>~/.ssh/id_rsa.pub</filename> into the file <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect. If the file <filename>~/.ssh/authorized_keys</filename> exist, append the contents of the file <filename>~/.ssh/id_rsa.pub</filename> to the file <filename>~/.ssh/authorized_keys</filename> on the other machine.
+ Change the permissions of the <filename class="directory">~/.ssh/</filename> directory:
</para>
- </listitem>
- <listitem>
+ <screen>~]$ <command>chmod 755 ~/.ssh</command></screen>
+ </step>
+ <step>
<para>
- Change the permissions of the <filename>authorized_keys</filename> file using the following command:
+ Copy the content of <filename>~/.ssh/id_rsa.pub</filename> into the <filename>~/.ssh/authorized_keys</filename> on the machine to which you want to connect, appending it to its end if the file already exists.
</para>
- <screen>chmod 644 ~/.ssh/authorized_keys</screen>
- </listitem>
- <listitem>
+ </step>
+ <step>
<para>
- If you are running GNOME or are running in a graphical desktop with GTK2+ libraries installed, skip to <xref linkend="s3-openssh-ssh-agent-with-gnome" />. If you are not running the X Window System, skip to <xref linkend="s3-openssh-config-ssh-agent" />.
+ Change the permissions of the <filename>~/.ssh/authorized_keys</filename> file using the following command:
</para>
- </listitem>
- </orderedlist>
+ <screen>~]$ <command>chmod 644 ~/.ssh/authorized_keys</command></screen>
+ </step>
+ </procedure>
+ <para>
+ Refer to <xref linkend="s3-ssh-configuration-keypairs-agent" /> for information on how to set up your system to remember the passphrase.
+ </para>
</section>
<section id="s3-openssh-dsa-key">
<title>Generating a DSA Key Pair for Version 2</title>
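Review bot: The rewritten procedure drops the sentence "Never distribute your private key to anyone." from the old first step, and the new steps no longer state explicitly that ~/.ssh/id_rsa is the private key; please keep that warning, for example in a paragraph after the sample output in the passphrase step. In the same procedure, chmod 755 ~/.ssh is carried over unchanged, which leaves the directory readable and listable by every local user; 700 is the tighter choice for a directory that holds a private key and is worth considering while this step is being rewritten. Minor wording: "into the ~/.ssh/authorized_keys on the machine" is missing the noun "file", and "avoid using the same password as you use to log in to your account" mixes "passphrase" and "password" within one step.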
@@ -725,6 +748,12 @@ It is also possible that the RSA host key has just been changed.</screen>
</listitem>
</orderedlist>
</section>
+ <section id="s3-ssh-configuration-keypairs-agent">
+ <title>Configuring <command>ssh-agent</command></title>
+ <para>
+ Hic sunt leones.
+ </para>
+ </section>
<section id="s3-openssh-ssh-agent-with-gnome">
<title>Configuring <command>ssh-agent</command> with a GUI</title>
<indexterm>
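Review bot: The added section s3-ssh-configuration-keypairs-agent contains only the placeholder paragraph "Hic sunt leones.", yet the RSA section now sends readers there for passphrase caching, while the old pointers to s3-openssh-ssh-agent-with-gnome and s3-openssh-config-ssh-agent were removed in the previous hunk. Until the real content is written, either have this stub paragraph refer to the existing "Configuring ssh-agent with a GUI" section that follows it, or keep the old linkend targets in the RSA section, so a build made from this commit does not publish a dead end. The commit message says the stub is temporary; an XML comment saying so next to the placeholder would make that visible in the source as well.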