Developers Documentation


Creating and Managing SSH Keys

Though many parts of the ClearFoundation infrastructure are protected by usernames and passwords, SSH keys are used for security-sensitive areas. Your own systems can be set up to favor a key-based paradigm. In particular, all software maintainers, ClearGLASS users, tightened ClearOS systems, contributors and developers require key-based access for the following systems:

If using SSH keys is new to you, then this document will guide you through the process of creating and managing SSH keys. If you are familiar with SSH keys but need to know how to manage multiple keys, you too will find this document to be helpful.

Generating an SSH Key

You can either use your own SSH key, or you can generate a separate key for accessing key-based systems. We strongly suggest the latter. To generate a key, run the following:

ssh-keygen -t rsa -f ~/.ssh/id_rsa.clearfoundation -C "ClearFoundation"

Creating the SSH Configuration

To make sure SSH is aware of this key, add it to the ~/.ssh/config file. If this file does not exist, create it:

touch ~/.ssh/config
chmod 600 ~/.ssh/config

Now edit the config file with your favorite text editor and add the following:

Host *.clearfoundation.com
  User username
  IdentityFile ~/.ssh/id_rsa.clearfoundation
  ConnectTimeout 20
  Protocol 2
  ForwardAgent yes

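Don't forget to change username to your ClearFoundation username, and change the IdentityFile path if you generated the key under a different filename. Note that ForwardAgent yes makes the keys loaded in your agent usable from the remote host for as long as you are connected, so keep it limited to hosts you trust, as the Host pattern above does.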

Managing Multiple Keys

If you are using multiple keys, add another Host configuration block in your SSH config file. For example, the developers from ClearCenter use a different SSH key for accessing ClearCenter systems. A config file for this scenario looks like:

Host *.clearfoundation.com
  User username
  IdentityFile ~/.ssh/id_rsa.clearfoundation
  ConnectTimeout 20
  Protocol 2
  ForwardAgent yes

Host *.clearcenter.com
  User username
  IdentityFile ~/.ssh/id_rsa.clearcenter
  ConnectTimeout 20
  Protocol 2
  ForwardAgent yes

Host *
  IdentityFile ~/.ssh/id_rsa.my_personal_key
  IdentityFile ~/.ssh/id_rsa.clearfoundation
  IdentityFile ~/.ssh/id_rsa.clearcenter

Configuring the Target System

If you would like to test your SSH setup, find another Linux system with shell access. You can of course use a ClearOS system; just make sure you have shell access enabled for your login.

  • Log in to your target system with SSH
  • Create the .ssh directory if it does not exist, and tighten up the file permissions:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
  • Create the .ssh/authorized_keys file if it does not exist. Again, tighten up the file permissions:
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
  • Append the contents of your public key (~/.ssh/id_rsa.clearfoundation.pub) to the authorized_keys file. The key looks something like this (though it will be much longer):
ssh-rsa ABUNCHOFSEEMLINGLYRANDOMCHARACTERSTHATISREALLYLONG== ClearFoundation

And that's it. Log out of your target system, then try to log in again. You should get prompted for a password, but it won't be your login password; it will instead be the password (passphrase) for your id_rsa.clearfoundation SSH key. On most Linux systems, this password is cached using an SSH key agent (see next section). This means that you will only have to provide the password once per local login session.
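The target-system steps above can be collapsed into one repeatable shell function. This is an added example, not part of the ClearOS documentation; the function name install_pubkey, its return codes and the optional home-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the ClearOS documentation.
# install_pubkey PUBKEY_FILE [HOME_DIR]  (name, arguments and return codes are
# assumptions). Run on the target system; safe to run more than once.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept exactly one public-key line. This catches the common mistake of
    # appending the private key file instead of the .pub file.
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 2; }
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 3
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 4; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 4 ;;
    esac
    b64=$(printf '%s\n' "$key" | awk '{print $2}')
    [ -n "$b64" ] || { echo "missing key data" >&2; return 4; }

    # Create both paths under a restrictive umask, then set the modes the
    # page asks for in case they already existed with looser permissions.
    ( umask 077 && mkdir -p "$dir" && touch "$auth" ) || return 5
    chmod 700 "$dir" && chmod 600 "$auth" || return 5

    # Look for the base64 blob as a whole field, so a different comment or
    # leading options on an existing entry does not produce a duplicate.
    if awk -v b="$b64" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                        END {exit !f}' "$auth"; then
        echo "already present"; return 0
    fi

    # Ensure the last existing entry ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
    echo "added"
}
```

Copy the .pub file to the target system first, then call install_pubkey with its path; a second run reports "already present" and leaves authorized_keys unchanged.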

Integrating with an SSH Key Agent

If you are running a Linux system, you probably already have an SSH key agent running. This lets you type in your SSH key's password once and it will be remembered for the rest of your login session. The behavior of the key agent differs from one Linux distribution to another. If you run into issues, you may want to run the following command from a shell:

ssh-add ~/.ssh/id_rsa.clearfoundation

You can add multiple keys if necessary.

Sending Your Public Key

If you are setting up a developer account with us, please send an e-mail to developer@clearfoundation.com to arrange the transfer of your public key.

content/en_us/dev_creating_and_managing_ssh_keys.txt · Last modified: 2018/07/16 18:42 by dloper
