Below are the differences between two revisions of the page.
en:documentation:tutorials:ssh:clef_agent_ssh [2018/05/28 14:20] – [Examples and special cases] cpetit | en:documentation:tutorials:ssh:clef_agent_ssh [2023/12/12 12:59] (current version) – deleted ltaulell | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | <WRAP center round todo 60%> | ||
- | Translation in progress... | ||
- | </ | ||
- | ====== Use SSK keys and SSH agent ====== | ||
- | |||
- | Most oftenly, the SSH client is used with a pair '' | ||
- | |||
- | However, it is possible to use keys | ||
- | (authentication via private/ | ||
- | to connect to a remote server. \\ Moreover, using an SSH agent, you can avoid typing passwords. | ||
- | |||
- | ===== Generate a set of key ===== | ||
- | |||
- | To generate your personal key set, use the same commands as the one to generate the [[en: | ||
- | |||
- | <note important> | ||
- | |||
- | For Windows users, [[documentation: | ||
- | |||
- | For Linux, BSD et MacOS X, here are the main steps to follow: | ||
- | |||
- | ==== Step 1 : Start generating a set of keys ==== | ||
- | |||
- | In a '' | ||
- | |||
- | <code bash> | ||
- | user@host: | ||
- | Generating public/ | ||
- | Enter file in which to save the key (/ | ||
- | <Appuyer la touche Enter> | ||
- | Created directory '/ | ||
- | Enter passphrase (empty for no passphrase): | ||
- | </ | ||
- | |||
- | ==== Step 2 : Choose a good/strong passphrase ==== | ||
- | |||
- | The passphrase is important, it locks your private key. A good passphrase must include ** at least 15 characters **. | ||
- | |||
- | This is a **bad passphrase** : | ||
- | < | ||
- | toto | ||
- | </ | ||
- | |||
- | If the passphrase is too short or too poor, the program will answer: | ||
- | <code bash> | ||
- | Enter same passphrase again: | ||
- | passphrase too short: have 4 bytes, need > 4 | ||
- | Saving the key failed: / | ||
- | </ | ||
- | |||
- | **failed...** | ||
- | |||
- | This is a **good passphrase** : | ||
- | < | ||
- | V0ici 1 ex3mple de passphrase c0mpl1quée, | ||
- | </ | ||
- | |||
- | This is also an example of a **good passphrase** : | ||
- | < | ||
- | A bottle of " | ||
- | </ | ||
- | |||
- | ==== Step 3: Finish the keyset generation ==== | ||
- | |||
- | Finally '' | ||
- | <code bash> | ||
- | Enter same passphrase again: | ||
- | Your identification has been saved in / | ||
- | Your public key has been saved in / | ||
- | </ | ||
- | |||
- | A fingerprint is also generated (see below): | ||
- | |||
- | <code bash> | ||
- | The key fingerprint is: | ||
- | 7a: | ||
- | The key's randomart image is: | ||
- | +--[ RSA 2048]----+ | ||
- | | | | ||
- | | | | ||
- | | . | | ||
- | | o . | ||
- | | o | ||
- | | . o . . . | | ||
- | | o + + + + | | ||
- | | | ||
- | | o+.o. ..o | | ||
- | +-----------------+ | ||
- | </ | ||
- | |||
- | ==== Step 4: Save your ssh key set ==== | ||
- | |||
- | You can copy/paste the fingerprint verification (fingerprint + image) into a file '' | ||
- | |||
- | **Save** your private key ('' | ||
- | ===== Load agent-ssh ===== | ||
- | |||
- | ==== Linux / BSD ==== | ||
- | |||
- | Il existe tout un tas de méthodes : | ||
- | |||
- | * Utiliser les programmes '' | ||
- | * charger l' | ||
- | |||
- | <code bash> | ||
- | eval `ssh-agent` | ||
- | ssh-add | ||
- | </ | ||
- | |||
- | * Installer et utiliser [[http:// | ||
- | |||
- | Vous pouvez utiliser un script (dans votre '' | ||
- | <code bash> | ||
- | # add key(s) to agent | ||
- | eval `keychain --eval --agents ssh id_rsa` | ||
- | </ | ||
- | |||
- | ==== MacOS X ==== | ||
- | |||
- | Sur MacOS X, il existe aussi différentes méthodes : | ||
- | |||
- | * Installer et utiliser [[http:// | ||
- | |||
- | Vous pouvez utiliser un script (dans votre '' | ||
- | <code bash> | ||
- | # add key(s) to agent | ||
- | eval `keychain --eval --agents ssh id_rsa` | ||
- | </ | ||
- | |||
- | * Si vous utilisez MacOSX Keychain, ajoutez l' | ||
- | <code bash> | ||
- | # add key(s) to agent | ||
- | eval `keychain --eval --agents ssh --inherit any id_rsa` | ||
- | </ | ||
- | |||
- | <note important> | ||
- | |||
- | * Installer et utiliser [[http:// | ||
- | |||
- | |||
- | <note tip>Pour bénéficier de " | ||
- | |||
- | |||
- | |||
- | ==== Windows ==== | ||
- | |||
- | Sur Windows, il faut utiliser le logiciel PuTTY, dont l' | ||
- | |||
- | ===== Broadcast the public key ===== | ||
- | |||
- | For the automatic loggin to work (//ie//: without password, ** but with passphrase **), your public key (id_rsa.pub) must be on all target servers, in the '' | ||
- | |||
- | * At PSMN, simply do as below (your ''/ | ||
- | |||
- | <code bash> | ||
- | scp ~/ | ||
- | |||
- | yourlogin@allo-psmn' | ||
- | id_rsa.pub | ||
- | </ | ||
- | |||
- | <note important> | ||
- | |||
- | <code bash> | ||
- | scp ~/ | ||
- | yourlogin@allo-psmn' | ||
- | id_rsa.pub | ||
- | </ | ||
- | |||
- | <code bash> | ||
- | ssh yourlogin@allo-psmn | ||
- | yourlogin@allo-psmn' | ||
- | |||
- | > cat .ssh/ | ||
- | > exit | ||
- | </ | ||
- | |||
- | If you have successfully loaded your ssh-agent, you can now login to '' | ||
- | |||
- | <code bash> | ||
- | user@host: | ||
- | </ | ||
- | (yourlogin correspond to your login at PSMN) | ||
- | |||
- | ===== Examples and use cases ===== | ||
- | |||
- | ==== Exemple de configuration pour Linux et BSD==== | ||
- | |||
- | On peut automatiser les étapes de la connexion en utilisant le fichier '' | ||
- | |||
- | * '' | ||
- | |||
- | <code bash config> | ||
- | Host * | ||
- | ServerAliveInterval 60 | ||
- | ForwardX11Timeout 1d | ||
- | TCPKeepAlive yes | ||
- | ForwardAgent yes | ||
- | ForwardX11 yes # pour Linux | ||
- | # ForwardX11Trusted yes # pour MacOSX | ||
- | Compression yes | ||
- | StrictHostKeyChecking no | ||
- | HashKnownHosts no | ||
- | |||
- | ### | ||
- | # passerelle interne | ||
- | Host allo-psmn | ||
- | User <login PSMN> | ||
- | HostName allo-psmn.psmn.ens-lyon.fr | ||
- | |||
- | # connexion à x5650comp1 depuis l' | ||
- | Host comp1 | ||
- | User <login PSMN> | ||
- | Hostname x5650comp1 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | # connexion à e5-2670comp2 depuis l' | ||
- | Host comp2 | ||
- | User <login PSMN> | ||
- | Hostname e5-2670comp2 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | ### | ||
- | # passerelle externe | ||
- | Host allo-externe | ||
- | User <login PSMN> | ||
- | ProxyCommand ssh <login PSMN> | ||
- | # User <login ENS> | ||
- | # ProxyCommand ssh <login ENS> | ||
- | |||
- | # connexion à x5650comp1 depuis l' | ||
- | Host comp1-ext | ||
- | User <login PSMN> | ||
- | HostName x5650comp1 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | # connexion à e5-2670comp2 depuis l' | ||
- | Host comp2-ext | ||
- | User <login PSMN> | ||
- | Hostname e5-2670comp2 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | </ | ||
- | |||
- | Bien évidemment, | ||
- | |||
- | La liste des serveurs de connexion du PSMN est disponible [[documentation: | ||
- | |||
- | Ce fichier contient déjà des rebonds. Pour plus d' | ||
- | |||
- | ==== Exemple de configuration pour MacOS X ==== | ||
- | |||
- | Sur MacOS X, il vaut mieux utiliser l' | ||
- | |||
- | * '' | ||
- | |||
- | <code bash config> | ||
- | Host * | ||
- | ServerAliveInterval 60 | ||
- | ForwardX11Timeout 1d | ||
- | TCPKeepAlive yes | ||
- | ForwardAgent yes | ||
- | # ForwardX11 yes # pour Linux | ||
- | ForwardX11Trusted yes # pour MacOSX | ||
- | Compression yes | ||
- | StrictHostKeyChecking no | ||
- | HashKnownHosts no | ||
- | |||
- | ### | ||
- | # passerelle interne | ||
- | Host allo-psmn | ||
- | User <login PSMN> | ||
- | HostName allo-psmn.psmn.ens-lyon.fr | ||
- | |||
- | # connexion à x5650comp1 depuis l' | ||
- | Host comp1 | ||
- | User <login PSMN> | ||
- | Hostname x5650comp1 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | # connexion à e5-2670comp2 depuis l' | ||
- | Host comp2 | ||
- | User <login PSMN> | ||
- | Hostname e5-2670comp2 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | ### | ||
- | # passerelle externe | ||
- | Host allo-externe | ||
- | User <login PSMN> | ||
- | #HostName allo-psmn | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | # connexion à x5650comp1 depuis l' | ||
- | Host comp1-ext | ||
- | User <login PSMN> | ||
- | HostName x5650comp1 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | # connexion à e5-2670comp2 depuis l' | ||
- | Host comp2-ext | ||
- | User <login PSMN> | ||
- | Hostname e5-2670comp2 | ||
- | ProxyCommand ssh <login PSMN> | ||
- | |||
- | </ | ||
- | |||
- | Bien évidemment, | ||
- | |||
- | La liste des serveurs de connexion du PSMN est disponible [[documentation: | ||
- | |||
- | Ce fichier contient déjà des rebonds. Pour plus d' | ||
- | |||
- | ==== export X pour MacOS X ==== | ||
- | |||
- | Pour pouvoir utiliser " | ||
- | |||
- | ==== Rebonds et multiples rebonds ==== | ||
- | |||
- | Pour plus d' |
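Review bot: The two `Host *` blocks removed here (in the Linux/BSD and MacOS X configuration examples) set `ForwardAgent yes` and `StrictHostKeyChecking no` for every host, and the deletion summary is only "supprimée", so readers who copied those blocks get no pointer to what they should use instead. If this tutorial is being replaced by another page, suggest naming that page in the summary and not carrying the two settings over under `Host *`: keep `ForwardAgent yes` only on the gateway entries that need it, and drop `StrictHostKeyChecking no`, which makes ssh add new host keys and proceed past changed ones without asking. The removed text was also still marked "Translation in progress..." with the agent-loading and configuration sections left in French, so any replacement should be checked for the same gap.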