Change the ssh-keygen example to RSA. Remove mention of DSA. Clean up
some of the stilted, halting language here, improving readability by 31.8%.
parent ddbdcd54dd
commit d6e4e85075
Notes: svn2git, 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=49377
1 changed files with 63 additions and 34 deletions
|
@ -2599,32 +2599,55 @@ COPYRIGHT 100% |*****************************| 4735
|
|||
|
||||
<para>Instead of using passwords, a client can be configured
|
||||
to connect to the remote machine using keys. To generate
|
||||
<acronym>DSA</acronym> or <acronym>RSA</acronym>
|
||||
<acronym>RSA</acronym>
|
||||
authentication keys, use <command>ssh-keygen</command>. To
|
||||
generate a public and private key pair, specify the type of
|
||||
key and follow the prompts. It is recommended to protect
|
||||
the keys with a memorable, but hard to guess
|
||||
passphrase.</para>
|
||||
|
||||
<screen>&prompt.user; <userinput>ssh-keygen -t <replaceable>dsa</replaceable></userinput>
|
||||
Generating public/private dsa key pair.
|
||||
Enter file in which to save the key (/home/user/.ssh/id_dsa):
|
||||
Created directory '/home/user/.ssh'.
|
||||
Enter passphrase (empty for no passphrase): <replaceable>type some passphrase here which can contain spaces</replaceable>
|
||||
Enter same passphrase again: <replaceable>type some passphrase here which can contain spaces</replaceable>
|
||||
Your identification has been saved in /home/user/.ssh/id_dsa.
|
||||
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
|
||||
<screen>&prompt.user; <userinput>ssh-keygen -t rsa</userinput>
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/home/user/.ssh/id_rsa):
|
||||
Enter passphrase (empty for no passphrase): <co xml:id="co-ssh-keygen-passphrase1"/>
|
||||
Enter same passphrase again: <co xml:id="co-ssh-keygen-passphrase2"/>
|
||||
Your identification has been saved in /home/user/.ssh/id_rsa.
|
||||
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
|
||||
The key fingerprint is:
|
||||
bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user@host.example.com</screen>
|
||||
SHA256:54Xm9Uvtv6H4NOo6yjP/YCfODryvUU7yWHzMqeXwhq8 user@host.example.com
|
||||
The key's randomart image is:
|
||||
+---[RSA 2048]----+
|
||||
| |
|
||||
| |
|
||||
| |
|
||||
| . o.. |
|
||||
| .S*+*o |
|
||||
| . O=Oo . . |
|
||||
| = Oo= oo..|
|
||||
| .oB.* +.oo.|
|
||||
| =OE**.o..=|
|
||||
+----[SHA256]-----+</screen>
|
||||
|
||||
<para>Depending upon the specified protocol, the private key
|
||||
is stored in <filename>~/.ssh/id_dsa</filename> (or
|
||||
<filename>~/.ssh/id_rsa</filename>), and the public key
|
||||
is stored in <filename>~/.ssh/id_dsa.pub</filename> (or
|
||||
<filename>~/.ssh/id_rsa.pub</filename>). The
|
||||
<emphasis>public</emphasis> key must be first copied to
|
||||
<calloutlist>
|
||||
<callout arearefs="co-ssh-keygen-passphrase1">
|
||||
<para>Type a passphrase here. It can contain spaces and
|
||||
symbols.</para>
|
||||
</callout>
|
||||
|
||||
<callout arearefs="co-ssh-keygen-passphrase2">
|
||||
<para>Retype the passphrase to verify it.</para>
|
||||
</callout>
|
||||
</calloutlist>
|
||||
|
||||
|
||||
<para>The private key
|
||||
is stored in <filename>~/.ssh/id_rsa</filename>
|
||||
and the public key
|
||||
is stored in <filename>~/.ssh/id_rsa.pub</filename>.
|
||||
The
|
||||
<emphasis>public</emphasis> key must be copied to
|
||||
<filename>~/.ssh/authorized_keys</filename> on the remote
|
||||
machine in order for key-based authentication to
|
||||
machine for key-based authentication to
|
||||
work.</para>
|
||||
|
||||
<warning>
|
||||
|
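Review bot: In the rewritten paragraph after the calloutlist, "must be copied to <filename>~/.ssh/authorized_keys</filename>" can be read as an instruction to replace that file, which would drop any keys already authorized on the remote machine. Suggest "must be appended to" instead. Separately, the new sample output shows "+---[RSA 2048]----+" from a bare "ssh-keygen -t rsa", but the text never says where the key length comes from. A sentence noting that the size is the default and can be set with "-b" would tell readers how to ask for a longer key.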
@ -2638,42 +2661,48 @@ bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user@host.example.com</screen>
|
|||
passphrase. In addition, to better secure end users,
|
||||
<literal>from</literal> may be placed in the public key
|
||||
file. For example, adding
|
||||
<literal>from="192.168.10.5"</literal> in the front of
|
||||
<literal>ssh-rsa</literal> or <literal>rsa-dsa</literal>
|
||||
prefix will only allow that specific user to login from
|
||||
<literal>from="192.168.10.5"</literal> in front of the
|
||||
<literal>ssh-rsa</literal>
|
||||
prefix will only allow that specific user to log in from
|
||||
that <acronym>IP</acronym> address.</para>
|
||||
</warning>
|
||||
|
||||
<para>The various options and files can be different
|
||||
according to the <application>OpenSSH</application> version.
|
||||
<para>The options and files vary with different versions of
|
||||
<application>OpenSSH</application>.
|
||||
To avoid problems, consult &man.ssh-keygen.1;.</para>
|
||||
|
||||
<para>If a passphrase is used, the user will be prompted for
|
||||
<para>If a passphrase is used, the user is prompted for
|
||||
the passphrase each time a connection is made to the server.
|
||||
To load <acronym>SSH</acronym> keys into memory, without
|
||||
needing to type the passphrase each time, use
|
||||
To load <acronym>SSH</acronym> keys into memory and remove
|
||||
the need to type the passphrase each time, use
|
||||
&man.ssh-agent.1; and &man.ssh-add.1;.</para>
|
||||
|
||||
<para>Authentication is handled by
|
||||
<command>ssh-agent</command>, using the private key(s) that
|
||||
are loaded into it. Then, <command>ssh-agent</command>
|
||||
should be used to launch another application such as a
|
||||
<command>ssh-agent</command>, using the private keys that
|
||||
are loaded into it. <command>ssh-agent</command>
|
||||
can be used to launch another application like a
|
||||
shell or a window manager.</para>
|
||||
|
||||
<para>To use <command>ssh-agent</command> in a shell, start it
|
||||
with a shell as an argument. Next, add the identity by
|
||||
running <command>ssh-add</command> and providing it the
|
||||
passphrase for the private key. Once these steps have been
|
||||
completed, the user will be able to <command>ssh</command>
|
||||
with a shell as an argument. Add the identity by
|
||||
running <command>ssh-add</command> and entering the
|
||||
passphrase for the private key.
|
||||
The user will then be able to <command>ssh</command>
|
||||
to any host that has the corresponding public key installed.
|
||||
For example:</para>
|
||||
|
||||
<screen>&prompt.user; ssh-agent <replaceable>csh</replaceable>
|
||||
&prompt.user; ssh-add
|
||||
Enter passphrase for key '/usr/home/user/.ssh/id_dsa': <replaceable>type passphrase here</replaceable>
|
||||
Identity added: /usr/home/user/.ssh/id_dsa (/usr/home/user/.ssh/id_dsa)
|
||||
Enter passphrase for key '/usr/home/user/.ssh/id_rsa': <co xml:id="co-ssh-agent-passphrase"/>
|
||||
Identity added: /usr/home/user/.ssh/id_rsa (/usr/home/user/.ssh/id_rsa)
|
||||
&prompt.user;</screen>
|
||||
|
||||
<calloutlist>
|
||||
<callout arearefs="co-ssh-agent-passphrase">
|
||||
<para>Enter the passphrase for the key.</para>
|
||||
</callout>
|
||||
</calloutlist>
|
||||
|
||||
<para>To use <command>ssh-agent</command> in
|
||||
<application>&xorg;</application>, add an entry for it in
|
||||
<filename>~/.xinitrc</filename>. This provides the
|
||||
|
|
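Review bot: In the warning paragraph, "will only allow that specific user to log in from that IP address" overstates what the from= option does: it restricts the one key it is attached to, not the user, who can still authenticate from elsewhere with another key or any other permitted method. Suggest wording such as "only allows that key to be used from that IP address". Since "placed in the public key file" is ambiguous, also say that the option goes on the key's line in ~/.ssh/authorized_keys on the remote machine. A smaller point: the ssh-add output uses /usr/home/user/.ssh/id_rsa while the ssh-keygen output earlier in the same change uses /home/user/.ssh/id_rsa, and the two examples should use the same path.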