CS164: Using SSH with Subversion

This semester, we are using Subversion with "SSH tunneling" to keep project repositories for teams and homework repositories for individuals. The repositories are all owned by cs164-ta and kept on the instructional machines. To access them, you must inform your local SSH software of a private key, and must inform cs164-ta of the matching public key.

Creating Key Pairs and Registering Public Keys

We have already set up your instructional accounts to give you a public/private key pair. Just in case, however, we'll describe how to create a new pair. If you do this, you will also have to send us the public key so that we can update the repository's authentication information.

To authenticate yourself to a remote party with SSH, you give the remote party a public key, and keep possession of a (secret) corresponding private key. Only someone with access to the private key can feasibly respond to appropriate challenges (in essence, puzzles) from someone with the public key.

SSH on Unix and MacOS keeps SSH keys as files in a directory named .ssh. To create a pair of new keys on the instructional machines, use the command

    ssh-keygen -t rsa -f ~/.ssh/NAME

where NAME is the name of the file that is to contain the private key. We used the name id_rsa when we set up your accounts. It is convenient because by default, ssh knows to look for this key when you use ssh from your instructional account. The command above will also create a file ~/.ssh/NAME.pub, which contains the corresponding public key (the one you can make public, and that you should tell us about). You'll be asked for a passphrase. We used an empty passphrase (just hit RETURN) in setting up your account, and for the purposes of this course, that provides adequate security (the protection comes from the fact that your private key is readable only by your account).

If you change your id_rsa key (rather than using the one we have supplied), you must tell us (via email) and send us the new public key by running the program

    init-ssh-key

Also, if you want to use this key to allow logging into your account from elsewhere, you must add the public key to your .ssh/authorized_keys file, which tells SSH on whatever machine it's on that someone presenting the corresponding private key is authorized to use this account. Initially, we put two keys into this file: the public key that is also stored in your .ssh/id_rsa.pub file (notated with your login at the end), and a master key used by the staff to fix things up in your account when they break (notated with the class master login). If you generate another key to replace your original id_rsa, replace the line for your old key in authorized_keys with the new id_rsa.pub contents (please do not disturb the class master key in that file).

Unless you intend to work entirely on the instructional machines, you will need to copy your private key to the .ssh directory of whatever machine(s) you intend to use for your work (let's call it your home machine), and inform the SSH program there of its existence (see Using Your Key, below).
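Because the keys have an empty passphrase, the file permissions on the copied private key are its only protection, and OpenSSH ignores a private key file that other users can access. The following script is an added example, not one of the course tools; the function names are hypothetical, and it assumes a POSIX shell with OpenSSH's ssh-keygen installed.

```shell
#!/bin/sh
# Added example: audit a private key file after copying it to another machine.
# Function names are hypothetical; they are not part of the course tools.

# Print the group and other permission bits of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed only if the file exists and group/other have no access to it.
key_is_private() {
    [ -f "$1" ] && [ "$(group_other_bits "$1")" = "------" ]
}

# Succeed if ssh-keygen can read the key using an empty passphrase.
key_has_empty_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Succeed if NAME.pub holds the public key derived from private key NAME.
# Only the key type and base64 body are compared; the comment is ignored.
pub_matches_private() {
    derived=$(ssh-keygen -y -P "" -f "$1" 2>/dev/null | cut -d' ' -f1,2)
    [ -n "$derived" ] && [ "$derived" = "$(cut -d' ' -f1,2 "$1.pub" 2>/dev/null)" ]
}

# Print findings for one key; return 0 if permissions are safe, 1 otherwise.
audit_key() {
    key=$1
    if ! key_is_private "$key"; then
        echo "PROBLEM: $key is missing or accessible to group/other; run: chmod 600 $key"
        return 1
    fi
    echo "ok: $key is accessible only to its owner"
    if key_has_empty_passphrase "$key"; then
        echo "note: empty passphrase, so file permissions are the only protection"
        if [ -f "$key.pub" ] && ! pub_matches_private "$key"; then
            echo "note: $key.pub does not match this private key"
        fi
    fi
    return 0
}

# Run as: sh audit-key.sh ~/.ssh/id_rsa
if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```
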

Using Your Key

Once you have keys properly created and registered, the next step is to actually use SSH and Subversion to access your repository. On the instructional machines, you needn't do anything, since we have already set things up for you. So here, we'll consider what to do on other machines.

First, it is useful to tell your local SSH configuration about your private key for the repository. There are several techniques. If you are using OpenSSH on Unix or MacOS, you add a line to the file .ssh/config that says

    IdentityFile ~/.ssh/privatekey

(create the config file if needed). Whenever you use SSH or use Subversion with an "svn+ssh" repository, SSH will consult the indicated private key file(s) for a key to try (you can have any number of IdentityFile lines in your config file).

Alternatively, you can set up an SSH agent, which will allow you to specify the key you want to use and then provide it to programs that ask for it. Within a given Unix shell, the command

    ssh-agent name-of-shell

will run the shell you name (csh, bash, etc.) and supply its environment with a link to an agent process. Alternatively, you can use

    eval `ssh-agent`

to supply that environment to the current shell.

Once you have started an agent, you may add keys to it with

    ssh-add private-key-file

Other programs that you run from this shell, including Subversion, will be supplied with authentication services using the keys you have added, and will not have to ask you for a passphrase.


Page was last modified on Sun Jan 24 16:08:06 2010.
Address comments and questions to cs164@cs.berkeley.edu