Development:SSH key: Difference between revisions
Marc Grober (talk | contribs)
Revision as of 21:55, 15 April 2008
What is an SSH key?
SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.
The standard ssh2 file format (see http://www.openssh.org/txt/draft-ietf-secsh-publickeyfile-02.txt) looks like this:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "jtbell@Jon-Bells-Computer"
AAAAB3NzaC1kc3MAAACBAPNgmidbM2rhYjUXunpnlXjHWfV+vc8/5YKrn8Y5P0Y6KwmG2G
GMgNBon3LX3iJlBhtuU3FCBj3G1Kdt5vUhQHhUmHVrOasi47vawTrv7ZJCfiaSGwRsiBHt
Jta5CAp7t0EnzX2q6BvPbFBBHNLyy6uNVpL2jOR06Pkx/vaqyScvAAAAFQDHvwmjWYwK9g
K6Sp+pSvI7bwEUtwAAAIANMJDotMpfj89N+7+FJylSS+uFEQSS61PxENl/Mcj1jUREjJg2
eNsJdAB9Ev99hWYS+7lFRtTJ2eh4Y9gpGe7BX3e2YGHOqp8cWCVCIKaMzwk9To+xnfThWq
IfHT8I6CJxp/5ez02m6F2k/5iukvOwbGms6EAZK1DTBhDOHjEQwQAAAIAlz2/qBWkaMP+s
W8FLmGKM+cCw5+asOaJGTwrFVuwJkDMvdEWxmG92A2dxuUske0d/AkN6zJp7HD0wlfesRM
3+c+Res5qun9lFcdM4i03VoV5mXd+T7laS8yku6vZgvZZFnPvr2LOUnc7XThGFwMaQpFEW
U8cvQbttO6QrT2CD2w==
---- END SSH2 PUBLIC KEY ----
However, this key will not work with the OpenSSH server. OpenSSH requires the key in OpenSSH format. Here is an example of a DSA public key in OpenSSH format (usually they are all in one line):
ssh-dss AAAAB3NzaC1kc3MAAACBAJ3hB5SAF6mBXPlZlRoJEZi0KSIN+NU2iGiaXZXi9CDrgVxTp6/
sc56UcYCp4qjfrZ2G3+6PWbxYso4P4YyUC+61RU5KPy4EcTJske3O+aNvec/20cW7PT3TvH1+sxwGry
mD50kTiXDgo5nXdqFvibgM61WW2DGTKlEUsZys0njRAAAAFQDs7ukaTGJlZdeznwFUAttTH9LrwwAAA
IAMm4sLCdvvBx9WPkvWDX0OIXSteCYckiQxesOfPvz26FfYxuTG/2dljDlalC+kYG05C1NEcmZWSNES
GBGfccSYSfI3Y5ahSVUhOC2LMO3JNjVyYUnOM/iyhzrnRfQoWO9GFMaugq0jBMlhZA4UO26yJqJ+BtX
IyItaEEJdc/ghIwAAAIBFeCZynstlbBjP648+mDKIvzNSS+JYr5klGxS3q8A56NPcYhDMxGn7h1DKbb
2AV4pO6y+6hDrWo3UT4dLVuzK01trwp PYp6JXTSZZ12ZaXNPz7sX9/z6pzMqhX4UEfjVsLcuF+ZS6a
QCPO0ZZEa1z+EEIZSD/ykLQsDwPxGjPBqw== someone@somewhere.com
In addition to the OpenSSH and standard SSH2 formats, there are a variety of proprietary formats, as well as differences between SSH1 and SSH2 to account for, which can make this confusing.
In the example above you will note that the key starts with "ssh-dss". This is because the key was generated using DSA as opposed to RSA. A number of vendors in the SSH arena have argued, as per the PuTTY documentation at http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.2.10, that users should employ RSA keys because:
DSA has an intrinsic weakness which makes it very easy to create a signature which contains enough information to give away the private key! This would allow an attacker to pretend to be you for any number of future sessions.
The idea is that you put your public key on servers that you want to establish a connection with. The server will only grant access to someone who has the matching private key.
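The SSH2 and OpenSSH public key formats shown above wrap the same base64 key blob, so converting one to the other means dropping the markers and headers, joining the base64 lines, and reading the key type from the blob's first length-prefixed field. The following is an added example, not part of the original wiki page or of OpenSSH; the function names are illustrative, and the sample key is constructed from toy numbers and is not a real key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def read_string(blob, offset=0):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, offset)
    if offset + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:offset + 4 + n], offset + 4 + n

def ssh2_to_openssh(text):
    """Convert an SSH2 public key file to a one-line OpenSSH public key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:  # header line; base64 never contains ':'
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1  # a trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    key_type = read_string(blob)[0].decode("ascii")  # e.g. "ssh-dss"
    b64 = base64.b64encode(blob).decode("ascii")
    return " ".join(part for part in (key_type, b64, comment) if part)

def sample_ssh2_key():
    """Constructed sample: an ssh-dss shaped blob with toy numbers, not a real key."""
    blob = struct.pack(">I", 7) + b"ssh-dss"
    for value in (23, 11, 4, 9):  # stand-ins for p, q, g, y
        blob += struct.pack(">IB", 1, value)
    b64 = base64.b64encode(blob).decode("ascii")
    wrapped = [b64[i:i + 20] for i in range(0, len(b64), 20)]
    return "\n".join([BEGIN, 'Comment: "demo@example"', *wrapped, END])

if __name__ == "__main__":
    print(ssh2_to_openssh(sample_ssh2_key()))
```

OpenSSH's own `ssh-keygen -i -f <file>` performs the same import on a real SSH2-format key file.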
Why do I need an SSH key?
Our CVS server uses OpenSSH, so if you are a Moodle developer and you want to make your logins easier (by avoiding typing in your password all the time), then you will need to submit your public key in OpenSSH format via the "Update my developer information" tab at http://moodle.org/cvs.
How do I create an SSH key pair?
Eclipse
If you plan to use Eclipse for development, please refer to the Eclipse document at https://docs.moodle.org/en/Eclipse, as Eclipse now has a plugin that allows you to manage all SSH key matters from within Eclipse.
Unix/Linux
- Run: ssh-keygen -d
- Look in your ~/.ssh directory (or wherever you saved the output). You'll find id_dsa (private) and id_dsa.pub (public).
- Cut and paste the contents of id_dsa.pub into your developer profile on http://moodle.org/cvs
- Put the private key wherever you will be calling CVS from (in your .ssh directory, for example). Make sure it's secure!