Setting Up SSH Keys
Introduction
To check out from the CERN Atlas software repository you need to have
ssh keys configured so that you don't need to enter the password every
time you check out a package. The procedure you are going to follow
sets up a public/private RSA key pair that is used to authenticate
when you check out from the Atlas cvs repository. Luckily you don't
need to understand anything about how it all works to set it up.
The Procedure
The following procedure is adapted directly from the CERN IT Department
webpage specifically for our machines at UVic.
1) Log on to a fate machine
2) If you already have your RSA1 key generated (most probably
~/.ssh/identity and ~/.ssh/identity.pub files), go to point 3).
Otherwise, generate the key, saving it in the default location with no
passphrase:
mkdir -p ~/.ssh
ssh-keygen -t rsa1
3) Copy the public key (~/.ssh/identity.pub) to your AFS home directory
at CERN:
scp ~/.ssh/identity.pub USERNAME@lxplus.cern.ch:~
4) Log on to LXPLUS and run the command below. You must do this
because you need to have links from ~/.ssh to ~/public/ for the public
portion of your keys.
/afs/cern.ch/project/cvs/dist/bin/set_ssh
5) Add the PUBLIC key you copied in step 3 to your
~/.ssh/authorized_keys file with the following command:
cat ~/identity.pub >> ~/.ssh/authorized_keys
6) As you probably realized, when you log in on LXPLUS without
providing your password, you don't have AFS and Kerberos tokens. In
order to be asked for the password while connecting to LXPLUS and not
to be asked for it for CVS connections, create a ~/.ssh/config file on
your Linux/Unix machine, and put the following contents in it:
Host lxplus.cern.ch lxplus
  Protocol 2
  PubkeyAuthentication no
  PasswordAuthentication yes

Host atlas-sw.cern.ch atlas
  Protocol 1
  IdentityFile ~/.ssh/identity
Now try the two commands:
ssh USERNAME@lxplus.cern.ch
ssh USERNAME@atlas-sw.cern.ch
The first call to ssh will prompt for a password, while the second one
won't (which was the purpose).
7) Set up your CVSROOT environment to point at the Atlas cvs server:
export CVSROOT=':ext:USERNAME@atlas-sw.cern.ch:/atlascvs'
export CVS_RSH='ssh'
Note that if you already had CVSROOT set for something else, you will
be changing it.
(Thank you to Louis Poncet (IT/GD) for the idea of the config file.)
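
Because step 2 stores the private key with no passphrase, its file
permissions are the only thing protecting it on your local machine. The
shell functions below are an added example, not part of the original
procedure (the names mode_of, check_one and check_ssh_perms are
hypothetical); they audit a local ~/.ssh for the modes that ssh and sshd
object to. They assume a local filesystem; on AFS, access is governed by
ACLs rather than mode bits.

```shell
#!/bin/sh
# Added example, not from the original page: audit the permissions of the
# files this procedure creates. All function names are hypothetical.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_one PATH MASK WHY
# Returns 1 and prints a line if PATH exists and has any bit of MASK set.
check_one() {
    [ -e "$1" ] || return 0
    mode=$(mode_of "$1") || return 1
    if [ $(( 0$mode & $2 )) -ne 0 ]; then
        echo "PROBLEM: $1 has mode $mode: $3"
        return 1
    fi
    return 0
}

# check_ssh_perms [DIR]
# Audits DIR (default ~/.ssh); the return status is the number of problems.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    problems=0
    # The ssh client refuses a private key that group or others can access.
    check_one "$dir/identity" 077 "private key accessible to group/others" \
        || problems=$((problems + 1))
    # The ssh client rejects a config file that group or others can write.
    check_one "$dir/config" 022 "config writable by group/others" \
        || problems=$((problems + 1))
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # file or the directory holding it is writable by group or others.
    check_one "$dir/authorized_keys" 022 "authorized_keys writable by group/others" \
        || problems=$((problems + 1))
    check_one "$dir" 022 "directory writable by group/others" \
        || problems=$((problems + 1))
    return "$problems"
}
```

Source the file and run check_ssh_perms; anything it reports can be
fixed with chmod 700 ~/.ssh and chmod 600 on the file named.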