Setup the SSH connexion to Gforge @ uni.lu

Remote access to the server is restricted to SSH connexion with public key authentication meaning you'll have to setup this connection through the Gforge interface. This setup is required to be able to:

  • commit modifications in code repositories (svn / git)
  • modify the configuration of code repositories (access control, hooks etc.)
  • modify the project homepage
  • upload files for the project web site
  • upload files to your private homedir

Secure SHell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. To use SSH, you have to generate a pair of keys, one public and the other private. The public key authentication practiced on Gforge @ uni.lu supposes that the public key is known by the system to operate an authentiation based on a challenge/response protocol instead of the classical password based protocol.

Here are the steps for generating an SSH key pair on Linux/BSD/Mac and on Windows. Once this is done, you should update your Gforge account with your SSH public key. Finally you may be interested in avoiding the typing of your passphrase for every SSH connexion using ssh-agent or pageant.

SSH key generation on Linux/BSD/Mac

A SSH client should already be installed on your machine and should be accessible from the command line (or a Terminal) through the ssh command. To generate SSH keys, just use the ssh-gen command ($ stands for the prompt and is not part of the command of course):

$ ssh-keygen

Select a strong passphrase as this will be your personnal key pair or leave it empty if you don't want to worry about further passphrase enquiry. After the execution of ssh-keygen command, the keys are generated and stored in the following files:

SSH RSA Private key: $HOME/.ssh/id_rsa
SSH RSA Public key: $HOME/.ssh/id_rsa.pub

Ensure the access rights are correct on the generated keys using the 'ls -l' command. The private key should be readable only by you:

$ ls -l ~/.ssh/id*
-rw------- 1 svarrette clusterusers 672 2007-07-20 12:30 .ssh/id_rsa
-rw-r--r-- 1 svarrette clusterusers 609 2007-07-20 12:30 .ssh/id_rsa.pub

Now you can copy-paste the content of you public key on the server (use cat $HOME/.ssh/id_rsa.pub to retrieve the content of your public key).

SSH key generation on Windows

If you do not have an ssh client, you need to install one. You're strongly advised to use Putty. You can download the Windows installer from the Putty web site. If you do not have sufficient privileges to install it, ask your system administrator to install it for you.

Note: an alternative is to use the Cygwin emulator of Linux systems. In that case, you can follow the information relative to Linux systems.

Then, the key generation can be done as follows:

  • Run the puttygen.exe Puttygen icon utility to generate a pair of private/public keys: Puttygen
  • Make sure the SSH-2 RSA parameter is selected at the bottom of the window and click on the Generate button: Puttygen
  • Once you have accumulated enough entropy, the application generates the key: Puttygen
  • Make sure you enter a lengthy passphrase in the Key passphrase field and confirm it in the Confirm passphrase field.
  • Click on the Save private key button to save your private key in a file.
  • With your mouse, select the content of the box labeled Public key for copying it (that is, hit Control-C): Puttygen

If you set a passphrase (as strongly advised), you should run Pageant (see the last section of this page). On a Windows 7 system, Putty must be started by system manager role, or else it will be blocked in some functions You can now go to the next step.

Update your Gforge account with your SSH public key

Now you should have copied your SSH public key. Paste it in the gforge website. To do this, you need to go to your page and then select the "My account" tab. At the bottom of the page, you should see a Shell Account Information section which contains an "Edit keys" link:

Shell account information box

Note: A common problem is that the Shell Account Information field does not appear in your account page. This usually happens because you do not belong to any gforge project. To correct this problem, either create your own project first or request the project admin of the project you want to join to add you to the list of the project's contributors.

Now click on the "Edit keys" link and paste (that is, hit control-V) your public key(s) in the empty field below and click the "Add" button:

Authorized keys file maintenance

To check that you have successfully configured SSH, try to connect to Gforge @ uni.lu (replace your_login with your login on gforge):

  • on Linux/BSD/Mac: open a terminal and run :

    ssh your_login@gforge.uni.lu
    
  • on Windows, use Putty to connect to the host gforge.uni.lu with the login your_login

The first time you'll try it, you'll have to confirm the addition of gforge.uni.lu in your list of known hosts. Then enter your SSH passphrase (if needed). That's all: you should be connected to Gforge @ uni.lu.

Avoid typing your passphrase for every SSH connection

If (as it is advised for security reasons) you add a passphrase for accessing to your private key, you may start to be annoyed by the necessity to type it every time a SSH connexion interviene. Here comes two utility for you:

  • ssh-agent under Linux/BSD/MAC OS X system; please refer to some tutorials on the Internet;
  • Pageant under Windows which is part of the Putty softs. To load your SSH key in Pageant, just right-click on the pageant icon in the system tray, click on the "Add key" menu item and select the private key file you saved while running puttygen.exe and click on the Open button: a new dialog pops up and ask you for passhrase. Once your passphrase is entered, your key will be loaded in pageant.