Warning: This page is no longer in use. The information contained on the page should NOT be seen as relevant or reliable.
Contents
- 1 What is a SSH key?
- 2 Why do I need a SSH key?
- 3 How do I create a SSH key pair?
- 3.1 Eclipse
- 3.2 Unix/Linux
- 3.3 Windows
- 3.4 Mac OS X
What is a SSH key?
SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.
The standard ssh2 file format (seehttp://www.openssh.org/txt/draft-ietf-secsh-publickeyfile-02.txt)looks like this:
---- BEGIN SSH2 PUBLIC KEY ----Comment: "jtbell@Jon-Bells-Computer"AAAAB3NzaC1kc3MAAACBAPNgmidbM2rhYjUXunpnlXjHWfV+vc8/5YKrn8Y5P0Y6KwmG2GGMgNBon3LX3iJlBhtuU3FCBj3G1Kdt5vUhQHhUmHVrOasi47vawTrv7ZJCfiaSGwRsiBHtJta5CAp7t0EnzX2q6BvPbFBBHNLyy6uNVpL2jOR06Pkx/vaqyScvAAAAFQDHvwmjWYwK9gK6Sp+pSvI7bwEUtwAAAIANMJDotMpfj89N+7+FJylSS+uFEQSS61PxENl/Mcj1jUREjJg2eNsJdAB9Ev99hWYS+7lFRtTJ2eh4Y9gpGe7BX3e2YGHOqp8cWCVCIKaMzwk9To+xnfThWqIfHT8I6CJxp/5ez02m6F2k/5iukvOwbGms6EAZK1DTBhDOHjEQwQAAAIAlz2/qBWkaMP+sW8FLmGKM+cCw5+asOaJGTwrFVuwJkDMvdEWxmG92A2dxuUske0d/AkN6zJp7HD0wlfesRM3+c+Res5qun9lFcdM4i03VoV5mXd+T7laS8yku6vZgvZZFnPvr2LOUnc7XThGFwMaQpFEWU8cvQbttO6QrT2CD2w==---- END SSH2 PUBLIC KEY ----
However, Moodle uses OpenSSH on its server and this key will not work with the OpenSSH server in this format; OpenSSH requires the key to be in OpenSSH format. Here is an example of a DSA public key in OpenSSH format (usually they are all in one line):
ssh-dss AAAAB3NzaC1kc3MAAACBAJ3hB5SAF6mBXPlZlRoJEZi0KSIN+NU2iGiaXZXi9CDrgVxTp6/sc56UcYCp4qjfrZ2G3+6PWbxYso4P4YyUC+61RU5KPy4EcTJske3O+aNvec/20cW7PT3TvH1+sxwGrymD50kTiXDgo5nXdqFvibgM61WW2DGTKlEUsZys0njRAAAAFQDs7ukaTGJlZdeznwFUAttTH9LrwwAAAIAMm4sLCdvvBx9WPkvWDX0OIXSteCYckiQxesOfPvz26FfYxuTG/2dljDlalC+kYG05C1NEcmZWSNESGBGfccSYSfI3Y5ahSVUhOC2LMO3JNjVyYUnOM/iyhzrnRfQoWO9GFMaugq0jBMlhZA4UO26yJqJ+BtXIyItaEEJdc/ghIwAAAIBFeCZynstlbBjP648+mDKIvzNSS+JYr5klGxS3q8A56NPcYhDMxGn7h1DKbb2AV4pO6y+6hDrWo3UT4dLVuzK01trwp PYp6JXTSZZ12ZaXNPz7sX9/z6pzMqhX4UEfjVsLcuF+ZS6aQCPO0ZZEa1z+EEIZSD/ykLQsDwPxGjPBqw== someone@somewhere.com
In addition to OpenSSH and Standard SSH formats there are a variety of proprietary formats as well as SSH1 and SSH2 differences to account for, which can make this confusing.
In the example above you will note that the key starts with "ssh-dss". This is because this key was generated using DSA as opposed to RSA. A number of vendors in the SSH arena have argued, as per the PuTTY documentation that can be found at http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html#S8.2.10 that users should employ RSA encryption because
DSA has an intrinsic weakness which makes it very easy to create a signaturewhich contains enough information to give away the private key! This would allow an attacker to pretend to be you for any number of future sessions.
An SSH2 public key in OpenSSH format will start with "ssh-rsa".
The idea behind all of this is that once you have keys on the remote server and your local host, access will be simpler since the server will only grant access to someone who has the matching private key.
Why do I need a SSH key?
Our CVS server uses OpenSSH, so if you are a Moodle developer and you want to make your logins easier (by avoiding typing in your password all the time) then you will need to submit public key in Openssh format via the "Update my developer information" tab at http://moodle.org/cvs.
How do I create a SSH key pair?
Eclipse
If you plan to use Eclipse for development, please refer to the Eclipse document https://docs.moodle.org/en/Eclipse as Eclipse now has a plugin that allows you to manage all ssh key matters from within Eclipse.
Unix/Linux
You can use ssh-keygen at your system prompt. Please consult the man page on your system for the options available to you.
- Run: ssh-keygen -t (rsa or dsa). This will not include a passphrase. *
- Use of rsa or dsa above will result in rsa or dsa replacing each XXX below.
- Look in your ~/.ssh directory (or wherever you saved the output). You'll find id_XXX (private) and id_XXX.pub (public).
- Cut and paste the contents of id_XXX.pub into your developer profile on http://moodle.org/cvs
- Put the private key wherever you will be calling CVS from (in your .ssh directory, for example). Make sure it's secure!
- This section initially recommended using ssh-keygen -d but it is unclear what the source of this -d option might be.
Windows
Use puttygen and follow the instructions here. Make sure you choose the RSA2 key format and that when you copy the key data into the textbox on the site, that you have all of the characters on one line. If you have opened the key with word pad, it will have line breaks in it which will stop it from working.
The box should look like this:
ssh-rsaAAAAWfg&jkf4D34H5@4svf..... (single very long line continues beyond edge of textbox)
Mac OS X
If you have an existing key in Putty format, open it in puttygen on windows and then choose conversions and export as openssh format. You can then import the key into OS X using
ssh-add -K filename
The -K flag is optional and stores your passphrase in the keychain ssh-add documentation
