Help: SSH Keys

opensolaris.org SSH key help

The source code management systems on opensolaris.org are SSH-based, so developers need to have an SSH key pair and share the public key with opensolaris.org.

1. Generating a key pair

On an OpenSolaris-based system, a key pair can be generated using the ssh-keygen(1) command. More information about the ssh-keygen(1) command can be found on the ssh-keygen man page.  

It is recommended that keys contain at least 1024 bits, and be protected with a password of at least 8 characters, containing both lower- and uppercase letters, and 2 or more non-letters. 

A sample invocation and output of the ssh-keygen(1) command to generate these keys would be:

$ ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/member//.ssh/id_dsa):
Created directory '/export/home/member//.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/member//.ssh/id_dsa.
Your public key has been saved in /export/home/member//.ssh/id_dsa.pub.
The key fingerprint is:
3e:f4:f8:c4:39:91:53:67:78:88:56:e7:8c:c5:39:37 member@rampage

As you can see from the output above, this command asks you for a filename within the  .ssh directory to save your keys in, along with a password. 

The public key will be in a file called id_dsa.pub, while the private key will be in id_dsa. 

(You may also use the -f option to ssh-keygen to generate your keys at a different location.) 

In this example, the public key looks like the following:

$ cat .ssh/id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAKVifmgpyGYg8OteHL2d1uzlW4CU3CJxVW91aNl70aeMfTW/7cMCi+1ZYsTigaKClchVN3fcOPNyo4EGQ0Elq40JolgxFvuHBmfOlJZGBrSrzm2DCpnd2JvEkgXjHGayCCpVRfKDuB+Axa30ct2VmZbBeZd3hW25yhlz1HDqjQ3xAAAAFQDLYUqSv1nSxEw9EqQn9G++FD6VxwAAAIEAkjFxCj9+ra6movzxu/+h2HYkFsbO/4dOWS/HJ2z64y9ZDtPy2td+4GWRSPCA8HJmlqM/uyLFeGgaxBglZ6TUxcZK9JiKzidRM5oEXczlcAG2ewIbOqal1AyZKbboDlCKvd6n6LPRWXVOtxUThABeSUFOXqCXrlJVfz4uEPjiB6QAAACAakET3IxNNNqxVghUt5rzI4lAWIu2V0OgVT9k/+CutdjEfCNCbTf9ZJTxBix3QwD/T1yNgaJ3sY1of42tZBok2AVbcTq+OqW0H/0E96E6a+qNm9P4RwX5z3BQxQT/88A46QqKI+rGZGH6OPn58X2wPGmhwyuMKPV0I5ymBxWcPjI= member@rampage

This is the key you will need to upload to opensolaris.org.

2. Sharing the public key with opensolaris.org

Once created, public keys are submitted via your user account. Log in to auth.opensolaris.org, click on "Edit your account" and then on "SSH keys" in the left nav. See screen shot below:

If you used the above ssh-keygen command, then set the Key Type to DSA. Give the key a useful description, like "Work", "Laptop", or some other appropriate label. Finally, paste the contents of the id_dsa.pub file (or whatever file contains the public key) into the Key field. A particularly easy way to paste your public key into the Update Profile form is to bring up a second browser window with the id_dsa.pub file, via a URL like

file:///export/home/member/.ssh/id_dsa.pub

and select and copy the entire line to the clipboard, and finally paste into the Key field. Pasting operations between terminal windows and browsers are likely to be very frustrating, with inappropriate wrapping and whitespace insertion.

A key update can take up to an hour. 

Bug The SSH public key submission check is too zealous, and will reject keys with trailing whitespace. If you're having trouble submitting a key, please check that there isn't extra data, spaces, or carriage returns in the field. If you're stuck, contact us on website-admin AT opensolaris DOT org; if you're really stuck, mail your public key(s) to key-submissions AT opensolaris DOT org, and we'll get them into the proper place.