From: Andre Noll Date: Thu, 3 Mar 2011 08:31:20 +0000 (+0100) Subject: manual: Change instructions for creating RSA keys. X-Git-Tag: v0.4.7~8^2 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=e0b60e3bb1ac537c1f7c037aac8b4b7afbdcb0dc;p=paraslash.git manual: Change instructions for creating RSA keys. Describe how to create an rsa key with ssh-keygen instead of "openssl genrsa". --- diff --git a/web/manual.m4 b/web/manual.m4 index 30fe922f..97c5a37d 100644 --- a/web/manual.m4 +++ b/web/manual.m4 @@ -311,7 +311,7 @@ following commands: user=bar target=~/.paraslash/server.users - key=~/.paraslash/key.pub.$user + key=~/.paraslash/id_rsa.pub.$user perms=AFS_READ,AFS_WRITE,VSS_READ,VSS_WRITE mkdir -p ~/.paraslash echo "user $user $key $perms" >> $target 
@@ -319,20 +319,25 @@ following commands: Next, change to the "bar" account on client_host and generate the key pair with the commands - key=~/.paraslash/key.$LOGNAME - mkdir -p ~/.paraslash - (umask 077 && openssl genrsa -out $key 2048) + ssh-keygen -t rsa -b 2048 + # hit enter twice to create a key with no passphrase -para_server only needs to know the public key of the key pair just -created. It can be extracted with +This generates the two files id_rsa and id_rsa.pub in ~/.ssh. Note +that paraslash can also read keys generated by the "openssl genrsa" +command. However, since keys created with ssh-keygen can also be used +for ssh, this method is recommended. - pubkey=~/.paraslash/key.pub.$LOGNAME - openssl rsa -in $key -pubout -out $pubkey +Note that para_server refuses to use a key if it is shorter than 2048 +bits. In particular, the RSA keys of paraslash 0.3.x will not work +with version 0.4.x. Moreover, para_client refuses to use a (private) +key which is world-readable. -Copy the public key just created to server_host (you may skip this step -for a single-user setup, i.e. if foo=bar and server_host=client_host): +para_server only needs to know the public key of the key pair just +created. Copy this public key to server_host: - scp $pubkey foo@server_host:.paraslash/ + src=~/.ssh/id_rsa.pub + dest=.paraslash/id_rsa.pub.$LOGNAME + scp $src foo@server_host:$dest Finally, tell para_client to connect to server_host: 
@@ -564,19 +569,6 @@ execute. The output of contains in the third column the permissions needed to execute the command. -A new RSA key can be created with - - openssl genrsa -out 2048 - -and the public part may be extracted with - - openssl rsa -in -pubout -out - -Note that para_server refuses to use a key if it is shorter than 2048 -bits. In particular, the RSA keys of paraslash 0.3.x will not work -with version 0.4.x. Moreover, para_client refuses to use a (private) -key which is world-readable. - It is possible to make para_server reread the user_list file by executing the paraslash "hup" command or by sending SIGHUP to the PID of para_server.
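Review bot: In the first hunk (web/manual.m4, -311,7), the new server-side name `id_rsa.pub.$user` matches the file the client copies over only when the client account name equals the value of `user`, because the second hunk builds the destination as `dest=.paraslash/id_rsa.pub.$LOGNAME`. That holds for the example (user=bar, account "bar"), but a sentence saying the two names must agree would make sure the path written to server.users points at the copied file when a reader adapts the names.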
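Review bot: In the second hunk (-319,20), the added text tells the reader to create the key with no passphrase ("hit enter twice to create a key with no passphrase") and, in the next paragraph, recommends the method because the key "can also be used for ssh". Taken together, a reader following the manual ends up with an unencrypted default ssh login key in ~/.ssh/id_rsa. If paraslash needs a passphrase-less key, say so explicitly and suggest a dedicated key file via ssh-keygen's -f option rather than the default ssh identity. Also note that ssh-keygen first asks for the output file before the two passphrase prompts, and that an existing ~/.ssh/id_rsa triggers an overwrite question; the comment should tell the reader what to do in both cases.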
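Review bot: In the third hunk (-564,19), dropping the `openssl rsa -in -pubout -out` paragraph removes the last description of how to extract the public part of a key made with "openssl genrsa", since the second hunk deletes the other copy (`openssl rsa -in $key -pubout -out $pubkey`). The new text still states that paraslash can read keys generated by "openssl genrsa", so either keep one short extraction instruction for those users or say where they can find it. Moving the note about the 2048-bit minimum and world-readable private keys into the key-creation section is fine.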