[Savannah-cvs] [SshAccess] (edit) add instructions for ssh-agent

[Beuc]

??changed:
-
- You can simply setup your SSH key by typing in a terminal::
-
-  ssh-keygen -t dsa
-
- Then copy '~/.ssh/id_dsa.pub' at 
https://savannah.gnu.org/my/admin/editsshkeys.php (once logged in).
-------------

You can simply setup your SSH key by typing in a terminal::

 ssh-keygen -t dsa

Then copy ``~/.ssh/id_dsa.pub`` at 
https://savannah.gnu.org/my/admin/editsshkeys.php (once logged in).

??changed:
-
- Generally, if you can't access to your CVS trees or your download area, it 
means that your SSH access is not correctly configured. The only thing to do is 
to create a ssh-key and register it.
-
- Note that if you're not member of any project, no account will created on the 
system - you will have your web account, but not system access. A system 
account will be created after you become a member of at least one project.
-
- First, you need to create the ssh-key. In general, this is done by using::
-
-  ssh-keygen -t dsa
-
- It will ask you for a passphrase. Only this passphrase will be accepted for 
CVS or scp authentification, not the Savannah password. The public key will be 
placed at '~/.ssh/id_dsa.pub'.
-
- You must register your public key in the Account Maintenance page 
(http://savannah.gnu.org/my/admin/editsshkeys.php). Make sure there are no line 
breaks except between keys - more information in the Account Maintenance page. 
After submitting, verify that the number of keys in your file is what you 
expected.
-
- You can publish several public keys, which is often needed when you connect 
to Savannah from different computers. You can delete them when you do not use 
that key pair anymore.
-
- Wait for the next cron job (in the worst case, 1 hour).
-
- Try to download your CVS tree (take a look at your CVS project page - or read 
*How do I import my project into the CVS?*)
-
-[18 more lines...]
----------------

Generally, if you can't access your CVS trees or your download area,
it means your SSH access is not correctly configured.
The only thing to do is to create a ssh-key and register it.

Note that if you're not member of any project, no account will created on the 
system
- you will have your web account, but not system access.
A system account will be created after you become a member of at least one 
project.

First, you need to create the ssh-key. In general, this is done by using::

 ssh-keygen -t dsa

It will ask you for a passphrase. Only this passphrase will be accepted
for CVS or scp authentication, not the Savannah password.
The public key will be placed at '~/.ssh/id_dsa.pub'.

You must register your public key in the Account Maintenance page
(http://savannah.gnu.org/my/admin/editsshkeys.php).
Make sure there are no line breaks except between keys
- more information in the Account Maintenance page.
After submitting, verify that the number of keys in your file is what you 
expected.

You can publish several public keys, which is often needed
when you connect to Savannah from different computers.
You can delete them when you do not use that key pair anymore.

Wait for the next cron job (in the worst case, 1 hour).

Try to download your CVS tree (take a look at your CVS project page
- or read CvsImportExistingProject)

Remembering your passphrase
---------------------------

``ssh-agent`` may be already started for you (that's the case for most 
distros). Check its present using::

 $ ps ax | grep ssh-agent
  3535 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/ssh-agent 
/usr/bin/dbus-launch --exit-with-session /usr/bin/gnome-session
  3536 ?        Ss     0:01 /usr/bin/ssh-agent /usr/bin/dbus-launch 
--exit-with-session /usr/bin/gnome-session
 24672 pts/2    S+     0:00 grep ssh-agent
 
 # or:
 
 $ echo $SSH_AGENT_PID - $SSH_AUTH_SOCK
 3536 - /tmp/keyring-6Q9l0p/ssh

Once ``ssh-agent`` is started, you need to register your password using 
``ssh-add``::

 $ ssh-add
 Enter passphrase for /home/me/.ssh/id_dsa: 
 
 # or:
 
 $ ssh-add ~/.ssh/myotherkey

This will last for the duration of the X session.

After that, 'ssh' will not ask you your passphrase anymore.


Troubleshooting
---------------

* If, when (for example) you try to use CVS, you're rejected with 'Permission 
denied (publickey).', that means that your key is not recognized. It could be a 
matter of time (cron job) or, generally, it means that your key is not a 
correct SSH2 DSA key (the key registration page contains a sample key for you 
to compare). If you think you have done everything correctly, use the support 
manager (https://savannah.gnu.org/support/?group=administration) or write to 
address@hidden explaining your problem, providing copy/paste from the errors 
messages. It would also be good to provide the output from the following 
commands::

 cvs -t -d:ext:address@hidden/cvsroot/yourproject co yourproject
 ssh -v address@hidden

* I have several SSH keys, how do I get the SSH client to select the 
appropriate one?

 * You can use 'ssh-agent' and 'ssh-add' to remember your key and passphrase. 
Then the SSH client will try all the remembered keys.

 * You can explicitly specify the key
   to use in your '~/.ssh/config'::

    Host cvs.*gnu.org
      IdentityFile ~/.ssh/id_dsa_savannah

 * You can also use
   a wrapper script::

??changed:
- * My key has several lines, how do I enter it? Well, note that we only 
support free implementations of SSH, such as http://www.openssh.org. If you 
public key is several-lines-long, and begins with '---- BEGIN SSH2 PUBLIC KEY 
----', then you are using a proprietary version that we do not support.
-
- * When you try to cvs, it will reports the authenticity of host 
subversions.gnu.org cannot be established, RSA key fingerprint is 
'80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5'. Why RSA here and not DSA? 
This is the RSA fingerprint of the Savannah site-wide server key. It is used to 
verify that the site you are connecting to is well GNU Savannah, and not a fake 
website. It is totally different from your SSH key.
-
-
-From thecarpy Wed Feb 27 09:18:32 +0000 2008
-From: thecarpy
-Date: Wed, 27 Feb 2008 09:18:32 +0000
-Subject: typos
-Message-ID: <address@hidden://savannah.gnu.org/maintenance>
-
-There are several typos on this page:
-Generally, if you can't access to your CVS trees or your download area
-should be
-Generally, if you can't access your CVS trees or your download area
-
-then means that your key is not recognized.
-should be
-that means your key is not recognized.
-[3 more lines...]
* My key has several lines, how do I enter it? Well, note that we only support 
free implementations of SSH, such as http://www.openssh.org. If you public key 
is several-lines-long, and begins with '---- BEGIN SSH2 PUBLIC KEY ----', then 
you are using a proprietary version that we do not support.

* When you try to cvs, it will reports the authenticity of host 
subversions.gnu.org cannot be established, RSA key fingerprint is 
``80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5``. Why RSA here and not DSA? 
This is the RSA fingerprint of the Savannah site-wide server key. It is used to 
verify that the site you are connecting to is well GNU Savannah, and not a fake 
website. It is totally different from your SSH key.

* What about ``authorized_keys``?

``authorized_keys`` is maintained on the server side, at Savannah. This is done 
automatically, based on the public keys you uploaded to the web interface.


--
forwarded from 
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance