Below are the differences between two revisions of the page.
en:documentation:tutorials:ssh:clef_agent_ssh [2018/05/28 14:10] – [Charger l'agent-ssh] cpetit | en:documentation:tutorials:ssh:clef_agent_ssh [2020/05/07 15:57] – [Windows] ltaulell | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | <WRAP center round todo 60%> | ||
- | Translation in progress... | ||
- | </ | ||
====== Use SSK keys and SSH agent ====== | ====== Use SSK keys and SSH agent ====== | ||
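Review bot: the page title on the unchanged line still reads "Use SSK keys and SSH agent", where "SSK" is a typo for "SSH". This hunk removes the "Translation in progress..." banner, so the title should be corrected in the same revision: ====== Use SSH keys and SSH agent ======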
Ligne 9: | Ligne 6: | ||
However, it is possible to use keys | However, it is possible to use keys | ||
(authentication via private/ | (authentication via private/ | ||
- | to connect to a remote server. \\ Moreover, using an SSH agent, you can avoid typing passwords. | + | to connect to a remote server. \\ Moreover, using an SSH agent, you can avoid typing passwords |
- | ===== Generate a set of key ===== | + | ===== Generate a key set ===== |
To generate your personal key set, use the same commands as the one to generate the [[en: | To generate your personal key set, use the same commands as the one to generate the [[en: | ||
Ligne 34: | Ligne 31: | ||
</ | </ | ||
+ | |||
+ | |||
+ | <WRAP center round info 60%> | ||
+ | New default parameters of SSH may generate a '' | ||
+ | </ | ||
==== Step 2 : Choose a good/strong passphrase ==== | ==== Step 2 : Choose a good/strong passphrase ==== | ||
Ligne 92: | Ligne 94: | ||
==== Step 4: Save your ssh key set ==== | ==== Step 4: Save your ssh key set ==== | ||
- | You can copy/paste the fingerprint verification (fingerprint + image) into a file '' | + | You can copy/paste the fingerprint verification (fingerprint + image) into a file '' |
**Save** your private key ('' | **Save** your private key ('' | ||
Ligne 99: | Ligne 101: | ||
==== Linux / BSD ==== | ==== Linux / BSD ==== | ||
- | Il existe tout un tas de méthodes | + | There' |
- | * Utiliser les programmes | + | * Use '' |
- | * charger l'agent dans un script : | + | * load ssh-agent in a script: |
<code bash> | <code bash> | ||
Ligne 109: | Ligne 111: | ||
</ | </ | ||
- | * Installer et utiliser | + | * Install and use [[http:// |
+ | |||
+ | You can use a script (in your '' | ||
- | Vous pouvez utiliser un script (dans votre '' | ||
<code bash> | <code bash> | ||
# add key(s) to agent | # add key(s) to agent | ||
Ligne 119: | Ligne 122: | ||
==== MacOS X ==== | ==== MacOS X ==== | ||
- | Sur MacOS X, il existe aussi différentes méthodes | + | There' |
+ | |||
+ | * Install and use [[http:// | ||
- | * Installer et utiliser [[http://www.funtoo.org/ | + | You can use a script (in your '' |
- | Vous pouvez utiliser un script (dans votre '' | ||
<code bash> | <code bash> | ||
# add key(s) to agent | # add key(s) to agent | ||
Ligne 129: | Ligne 133: | ||
</ | </ | ||
- | * Si vous utilisez | + | * On MacOSX Keychain, |
<code bash> | <code bash> | ||
# add key(s) to agent | # add key(s) to agent | ||
Ligne 135: | Ligne 139: | ||
</ | </ | ||
- | <note important> | + | <note important> |
- | * Installer et utiliser | + | * Install and use [[http:// |
- | <note tip>Pour bénéficier de "l' | + | <note tip>For " |
+ | [[documentation: | ||
Ligne 146: | Ligne 151: | ||
==== Windows ==== | ==== Windows ==== | ||
- | Sur Windows, | + | On Windows, |
- | ===== Diffuser la clef publique ===== | ||
- | Pour que le login automatique (ie: sans mot de passe, **mais avec passphrase**) fonctionne, votre clef publique (id_rsa.pub) doit se trouver sur tous les serveurs cibles, dans le fichier '' | + | ===== Broadcast the public key ===== |
- | | + | For the automatic loggin to work (//ie//: without password, |
+ | |||
+ | * At PSMN, simply do as below (your ''/ | ||
<code bash> | <code bash> | ||
- | scp ~/ | + | scp ~/ |
- | | + | |
id_rsa.pub | id_rsa.pub | ||
</ | </ | ||
- | <note important> | + | <note important> |
<code bash> | <code bash> | ||
- | scp ~/ | + | scp ~/ |
- | | + | |
id_rsa.pub | id_rsa.pub | ||
</ | </ | ||
<code bash> | <code bash> | ||
- | ssh votrelogin@allo-psmn | + | ssh yourlogin@allo-psmn |
- | | + | |
> cat .ssh/ | > cat .ssh/ | ||
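Review bot: in the added sentence under "Broadcast the public key", "loggin" should be "login". The removed French line stressed "sans mot de passe, **mais avec passphrase**"; check that the English sentence keeps the bolded "but with passphrase" qualifier, so that readers do not take key-based login as a reason to leave the private key unprotected. "Distribute the public key" would also describe the step better than "Broadcast", since the key is copied to specific target servers.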
Ligne 177: | Ligne 183: | ||
</ | </ | ||
- | Si vous avez bien chargé votre agent-ssh, vous pouvez maintenant vous connecter sur '' | + | If you have successfully loaded your ssh-agent, |
<code bash> | <code bash> | ||
- | user@host: | + | user@host: |
</ | </ | ||
- | (votrelogin | + | (yourlogin |
- | ===== Exemples et Cas particuliers | + | ===== Examples and use cases ===== |
- | ==== Exemple de configuration pour Linux et BSD==== | + | ==== Linux and BSD configuration example |
- | On peut automatiser les étapes de la connexion en utilisant le fichier '' | + | You can automate the connection steps by using the SSH config file on your workstation. Here is an example: |
- | * '' | + | * '' |
<code bash config> | <code bash config> | ||
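Review bot: the new heading "Examples and use cases" does not carry the meaning of the line it replaces, "Exemples et Cas particuliers", which is "special cases". Suggest "Examples and special cases", which also matches the content that follows (gateway and hop configurations).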
Ligne 205: | Ligne 211: | ||
### | ### | ||
- | # passerelle interne | + | # internal gateway |
Host allo-psmn | Host allo-psmn | ||
User <login PSMN> | User <login PSMN> | ||
HostName allo-psmn.psmn.ens-lyon.fr | HostName allo-psmn.psmn.ens-lyon.fr | ||
- | # connexion à x5650comp1 | + | # connection to x5650comp1 |
Host comp1 | Host comp1 | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 216: | Ligne 222: | ||
ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
- | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
Host comp2 | Host comp2 | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 223: | Ligne 229: | ||
### | ### | ||
- | # passerelle externe | + | # external gateway |
Host allo-externe | Host allo-externe | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 230: | Ligne 236: | ||
# ProxyCommand ssh <login ENS> | # ProxyCommand ssh <login ENS> | ||
- | # connexion à x5650comp1 | + | # connection to x5650comp1 |
Host comp1-ext | Host comp1-ext | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 236: | Ligne 242: | ||
ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
- | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
Host comp2-ext | Host comp2-ext | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 244: | Ligne 250: | ||
</ | </ | ||
- | Bien évidemment, | + | You need to replace |
- | La liste des serveurs de connexion du PSMN est disponible | + | The list of connection servers to the PSMN is available |
- | Ce fichier contient déjà des rebonds. Pour plus d' | + | This example file already implement hops. For more explanations, see the documentation |
- | ==== Exemple de configuration pour MacOS X ==== | + | ==== MacOS X configuration example |
- | Sur MacOS X, il vaut mieux utiliser l' | + | On MacOS X, you need to use the '' |
- | * '' | + | * '' |
<code bash config> | <code bash config> | ||
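Review bot: grammar in the added line "This example file already implement hops": the verb should be "implements". The same sentence is added again in the MacOS X section further down and needs the same fix. "The list of connection servers to the PSMN" would read more naturally as "The list of PSMN connection servers".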
Ligne 262: | Ligne 268: | ||
TCPKeepAlive yes | TCPKeepAlive yes | ||
ForwardAgent yes | ForwardAgent yes | ||
- | # ForwardX11 yes # | + | # ForwardX11 yes # |
- | ForwardX11Trusted yes # pour MacOSX | + | ForwardX11Trusted yes # for MacOSX |
Compression yes | Compression yes | ||
StrictHostKeyChecking no | StrictHostKeyChecking no | ||
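Review bot: the context lines of this hunk keep "StrictHostKeyChecking no" next to "ForwardAgent yes" and "ForwardX11Trusted yes" in the MacOS X example. With that setting, a host key that is new to the client is accepted without asking the user, and the same block then forwards the agent and a trusted X11 display. Since the comments here are being edited anyway, consider removing "StrictHostKeyChecking no" from the example or adding a comment that says why it is set, and enabling ForwardAgent only in the Host entries that need it.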
Ligne 269: | Ligne 275: | ||
### | ### | ||
- | # passerelle interne | + | # internal gateway |
Host allo-psmn | Host allo-psmn | ||
User <login PSMN> | User <login PSMN> | ||
HostName allo-psmn.psmn.ens-lyon.fr | HostName allo-psmn.psmn.ens-lyon.fr | ||
- | # connexion à x5650comp1 | + | # connection to x5650comp1 |
Host comp1 | Host comp1 | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 280: | Ligne 286: | ||
ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
- | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
Host comp2 | Host comp2 | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 287: | Ligne 293: | ||
### | ### | ||
- | # passerelle externe | + | # external gateway |
Host allo-externe | Host allo-externe | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 293: | Ligne 299: | ||
ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
- | # connexion à x5650comp1 | + | # connection to x5650comp1 |
Host comp1-ext | Host comp1-ext | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 299: | Ligne 305: | ||
ProxyCommand ssh <login PSMN> | ProxyCommand ssh <login PSMN> | ||
- | # connexion à e5-2670comp2 | + | # connection to e5-2670comp2 |
Host comp2-ext | Host comp2-ext | ||
User <login PSMN> | User <login PSMN> | ||
Ligne 307: | Ligne 313: | ||
</ | </ | ||
- | Bien évidemment, | + | You need to replace |
+ | |||
+ | The list of connection servers to the PSMN is available | ||
- | La liste des serveurs de connexion du PSMN est disponible | + | This example file already implement hops. For more explanations, |
- | Ce fichier contient déjà des rebonds. Pour plus d' | ||
- | ==== export X pour MacOS X ==== | + | ==== export X for MacOS X ==== |
- | Pour pouvoir utiliser " | ||
- | ==== Rebonds et multiples rebonds | + | To be able to use " |
+ | ==== Hops and multihops | ||
- | Pour plus d' | + | For more explanation on hops and their automation, [[en:documentation: |