Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteDernière révisionLes deux révisions suivantes | ||
| en:documentation:tutorials:ssh:clef_agent_ssh [2018/05/28 14:20] – [Diffuser la clef publique] cpetit | en:documentation:tutorials:ssh:clef_agent_ssh [2020/08/25 15:58] – modification externe 127.0.0.1 | ||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| - | <WRAP center round todo 60%> | ||
| - | Translation in progress... | ||
| - | </ | ||
| ====== Use SSK keys and SSH agent ====== | ====== Use SSK keys and SSH agent ====== | ||
| - | Most oftenly, the SSH client is used with a pair '' | + | Most oftenly, the SSH client is used with a pair '' |
| However, it is possible to use keys | However, it is possible to use keys | ||
| (authentication via private/ | (authentication via private/ | ||
| - | to connect to a remote server. \\ Moreover, using an SSH agent, you can avoid typing passwords. | + | to connect to a remote server. \\ Moreover, using an SSH agent, you can avoid typing passwords |
| - | ===== Generate a set of key ===== | + | ===== Generate a key set ===== |
| To generate your personal key set, use the same commands as the one to generate the [[en: | To generate your personal key set, use the same commands as the one to generate the [[en: | ||
| Ligne 34: | Ligne 31: | ||
| </ | </ | ||
| + | |||
| + | |||
| + | <WRAP center round info 60%> | ||
| + | New default parameters of SSH may generate a '' | ||
| + | </ | ||
| ==== Step 2 : Choose a good/strong passphrase ==== | ==== Step 2 : Choose a good/strong passphrase ==== | ||
| Ligne 92: | Ligne 94: | ||
| ==== Step 4: Save your ssh key set ==== | ==== Step 4: Save your ssh key set ==== | ||
| - | You can copy/paste the fingerprint verification (fingerprint + image) into a file '' | + | You can copy/paste the fingerprint verification (fingerprint + image) into a file '' |
| **Save** your private key ('' | **Save** your private key ('' | ||
| Ligne 99: | Ligne 101: | ||
| ==== Linux / BSD ==== | ==== Linux / BSD ==== | ||
| - | Il existe tout un tas de méthodes | + | There' |
| - | * Utiliser les programmes | + | * Use '' |
| - | * charger l'agent dans un script : | + | * load ssh-agent in a script: |
| <code bash> | <code bash> | ||
| Ligne 109: | Ligne 111: | ||
| </ | </ | ||
| - | * Installer et utiliser | + | * Install and use [[http:// |
| + | |||
| + | You can use a script (in your '' | ||
| - | Vous pouvez utiliser un script (dans votre '' | ||
| <code bash> | <code bash> | ||
| # add key(s) to agent | # add key(s) to agent | ||
| Ligne 117: | Ligne 120: | ||
| </ | </ | ||
| + | * KDE startup script: | ||
| + | |||
| + | <code bash> | ||
| + | #! /bin/bash | ||
| + | # Put this in ~/ | ||
| + | # or ~/ | ||
| + | export SSH_ASKPASS=/ | ||
| + | / | ||
| + | </ | ||
| ==== MacOS X ==== | ==== MacOS X ==== | ||
| - | Sur MacOS X, il existe aussi différentes méthodes | + | There' |
| - | * Installer et utiliser | + | * Install and use [[http:// |
| + | |||
| + | You can use a script (in your '' | ||
| - | Vous pouvez utiliser un script (dans votre '' | ||
| <code bash> | <code bash> | ||
| # add key(s) to agent | # add key(s) to agent | ||
| Ligne 129: | Ligne 142: | ||
| </ | </ | ||
| - | * Si vous utilisez | + | * On MacOSX Keychain, |
| <code bash> | <code bash> | ||
| # add key(s) to agent | # add key(s) to agent | ||
| Ligne 135: | Ligne 148: | ||
| </ | </ | ||
| - | <note important> | + | <note important> |
| - | * Installer et utiliser | + | * Install and use [[http:// |
| - | <note tip>Pour bénéficier de "l' | + | <note tip>For " |
| + | [[documentation: | ||
| Ligne 146: | Ligne 160: | ||
| ==== Windows ==== | ==== Windows ==== | ||
| - | Sur Windows, | + | On Windows, |
| ===== Broadcast the public key ===== | ===== Broadcast the public key ===== | ||
| Ligne 184: | Ligne 199: | ||
| (yourlogin correspond to your login at PSMN) | (yourlogin correspond to your login at PSMN) | ||
| - | ===== Exemples et Cas particuliers | + | ===== Examples and use cases ===== |
| - | ==== Exemple de configuration pour Linux et BSD==== | + | ==== Linux and BSD configuration example |
| - | On peut automatiser les étapes de la connexion en utilisant le fichier '' | + | You can automate the connection steps by using the SSH config file on your workstation. Here is an example: |
| - | * '' | + | * '' |
| <code bash config> | <code bash config> | ||
| Ligne 205: | Ligne 220: | ||
| ### | ### | ||
| - | # passerelle interne | + | # internal gateway |
| Host allo-psmn | Host allo-psmn | ||
| User <login PSMN> | User <login PSMN> | ||
| HostName allo-psmn.psmn.ens-lyon.fr | HostName allo-psmn.psmn.ens-lyon.fr | ||
| - | # connexion à x5650comp1 | + | # connection to x5650comp1 |
| Host comp1 | Host comp1 | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 216: | Ligne 231: | ||
| ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
| - | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
| Host comp2 | Host comp2 | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 223: | Ligne 238: | ||
| ### | ### | ||
| - | # passerelle externe | + | # external gateway |
| Host allo-externe | Host allo-externe | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 230: | Ligne 245: | ||
| # ProxyCommand ssh <login ENS> | # ProxyCommand ssh <login ENS> | ||
| - | # connexion à x5650comp1 | + | # connection to x5650comp1 |
| Host comp1-ext | Host comp1-ext | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 236: | Ligne 251: | ||
| ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
| - | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
| Host comp2-ext | Host comp2-ext | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 244: | Ligne 259: | ||
| </ | </ | ||
| - | Bien évidemment, | + | You need to replace |
| - | La liste des serveurs de connexion du PSMN est disponible | + | The list of connection servers to the PSMN is available |
| - | Ce fichier contient déjà des rebonds. Pour plus d' | + | This example file already implement hops. For more explanations, see the documentation |
| - | ==== Exemple de configuration pour MacOS X ==== | + | ==== MacOS X configuration example |
| - | Sur MacOS X, il vaut mieux utiliser l' | + | On MacOS X, you need to use the '' |
| - | * '' | + | * '' |
| <code bash config> | <code bash config> | ||
| Ligne 262: | Ligne 277: | ||
| TCPKeepAlive yes | TCPKeepAlive yes | ||
| ForwardAgent yes | ForwardAgent yes | ||
| - | # ForwardX11 yes # | + | # ForwardX11 yes # |
| - | ForwardX11Trusted yes # pour MacOSX | + | ForwardX11Trusted yes # for MacOSX |
| Compression yes | Compression yes | ||
| StrictHostKeyChecking no | StrictHostKeyChecking no | ||
| Ligne 269: | Ligne 284: | ||
| ### | ### | ||
| - | # passerelle interne | + | # internal gateway |
| Host allo-psmn | Host allo-psmn | ||
| User <login PSMN> | User <login PSMN> | ||
| HostName allo-psmn.psmn.ens-lyon.fr | HostName allo-psmn.psmn.ens-lyon.fr | ||
| - | # connexion à x5650comp1 | + | # connection to x5650comp1 |
| Host comp1 | Host comp1 | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 280: | Ligne 295: | ||
| ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
| - | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
| Host comp2 | Host comp2 | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 287: | Ligne 302: | ||
| ### | ### | ||
| - | # passerelle externe | + | # external gateway |
| Host allo-externe | Host allo-externe | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 293: | Ligne 308: | ||
| ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
| - | # connexion à x5650comp1 | + | # connection to x5650comp1 |
| Host comp1-ext | Host comp1-ext | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 299: | Ligne 314: | ||
| ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
| - | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
| Host comp2-ext | Host comp2-ext | ||
| User <login PSMN> | User <login PSMN> | ||
| Ligne 307: | Ligne 322: | ||
| </ | </ | ||
| - | Bien évidemment, | + | You need to replace |
| + | |||
| + | The list of connection servers to the PSMN is available | ||
| - | La liste des serveurs de connexion du PSMN est disponible | + | This example file already implement hops. For more explanations, |
| - | Ce fichier contient déjà des rebonds. Pour plus d' | ||
| - | ==== export X pour MacOS X ==== | + | ==== export X for MacOS X ==== |
| - | Pour pouvoir utiliser " | ||
| - | ==== Rebonds et multiples rebonds | + | To be able to use " |
| + | ==== Hops and multihops | ||
| - | Pour plus d' | + | For more explanation on hops and their automation, [[en:documentation: |