Start up a cygwin window, by clicking on the
desktop icon
Enter the command:
ssh-keygen
and accept the choices, just enter CR for a pass phrase.
This puts the private and public keys in
c:\cygdrive\home\<yourid>\.ssh
cd .ssh ftp ftp.slac.stanford.edu <your id> <your SLAC password> cd .ssh put id_rsa.pub quit |
ssh centaurusa <your SLAC password> cd .ssh cat id_rsa.pub >> .public/authorized_keys2 ln -s authorized_keys2 .public/authorized_keys2 |
Notes: this used ssh, but since you are not yet authenticated, it required a
password.
It will probably ask you to accept centaurusa.slac.stanford.edu, which is
needed for ftp. (Type "yes".)
The last command is only needed if there is not a symlink already
Now, on glast-ts, the command ssh -v centaurusa (-v for the
verbose output) should look like this it everything is setup properly:
$ ssh -v centaurusa OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct 2005 debug1: Connecting to centaurusa [134.79.86.187] port 22. debug1: Connection established. debug1: identity file /home/burnett/.ssh/identity type -1 debug1: identity file /home/burnett/.ssh/id_rsa type 1 debug1: identity file /home/burnett/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_4.4 debug1: match: OpenSSH_4.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.3 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'centaurusa' is known and matches the RSA host key. debug1: Found key in /home/burnett/.ssh/known_hosts:5 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-with-mic,password debug1: Next authentication method: publickey debug1: Trying private key: /home/burnett/.ssh/identity debug1: Offering public key: /home/burnett/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: read PEM private key done: type RSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. |
The key lines are in red: that id_rsa is "type 1", implying that it will be
offered, and finally the SLAC setup is ok for accepting it.
There may be a password request generated by the GLAST .cshrc file: the
publickey method authenticates you with read/write permission in the nsf
space, sufficient for ftp, but does not set the kerberos token for afs
space, including your home directory. That would require an additional
"klog" command.
Note that is is necessary that the authorized_keys2 file at SLAC has world and group read, but not write permission:
burnett@noric05 $ ls -l ~/.ssh/.public total 5 -rw-r--r-- 1 burnett ek 624 Nov 28 14:09 authorized_keys2 -rw-r--r-- 1 burnett ek 398 Nov 28 13:55 id_rsa.pub -rw-r--r-- 1 burnett ek 1017 Oct 26 2000 known_hosts |
The magic, if needed, to fix that is "chmod 644 authorized_keys2".
Another check is that the cvs environment variables are correct on glast-ts:
d:\users\burnett>set cvs CVSROOT=:ext:centaurusa.slac.stanford.edu:/nfs/slac/g/glast/ground/cvs CVS_RSH=ssh |