SSH configuration

From DDCIDeos

Overview

This document describes how to configure SSH for DDC-I developers.

There are two main steps. The first is to copy the provided private key into your local ssh configuration directory. The second is to create an ssh configuration file.

We recommend the following steps be performed in the order presented.

Install DSA Key

Create a .ssh directory using the instructions below.

On Windows, if you are using Windows native tools that will use SSH (rather than all cygwin tools), the .ssh directory must physically reside in your %USERPROFILE% directory, and it needs to be linked from your cygwin home (if they are different).

 userprofile=$(cygpath "$USERPROFILE")
 mkdir "$userprofile/.ssh"
 chmod go-rwx "$userprofile/.ssh"
 cd ~
 ln -s "$userprofile/.ssh" .ssh
 chmod -R go-rwx ~/.ssh/

Create an SSH config file

Create an ~/.ssh/config file:

 touch ~/.ssh/config

that contains (at least):

 # Used for making releases.
 # "deos-ftp" (with the hyphen) is accidental/historical; new configurations should use "deosftp".
 host deosftp deos-ftp
   HostName deos.ddci.com
   Port 47734
   Protocol 2
   ServerAliveInterval 15
   ServerAliveCountMax 10
   User deosftp
   IdentityFile ~/.ssh/id_rsa
 
 host deos linux03 linux04 *.ddci.com
   Port 47734
   Protocol 2
   ServerAliveInterval 15
   ServerAliveCountMax 10
   User yourServerUsername
   IdentityFile ~/.ssh/id_rsa

In the above, yourServerUsername is your username on the DDC-I servers, e.g., alarson.

The host line should list all servers you use. The deosftp entry is used when making software releases.

If your user on your local machine is not the same as your user on the DDCI domain, then you must include a "User" entry for the *.ddci.com hosts.

Establishing Trust

Porting gpg credentials

If you are moving from another laptop or from a Cygwin environment, you do not need to create new keys.

If you see:

 gpg: no default secret key: No secret key
 gpg: Warning: not using 'username' as default key: No secret key

copy the secret keyring from

 C:\home\username\.gnupg\secring.gpg

to

 \\wsl.localhost\Ubuntu\home\username\.gnupg\secring.gpg

Otherwise Continue

Create your own RSA ID file. From your local machine's bash console, run:

 ssh-keygen -t rsa

When asked for a passphrase, choose your own passphrase (it does not have to match any of your DDC-I passwords). This command creates two files in the hidden .ssh directory under your home directory: id_rsa and id_rsa.pub.

From your local bash console copy the id_rsa.pub file to the server(s):

 # Note: for deosftp, the password is here: passwords
 ssh-copy-id deosftp
 # Note: for linux03, use your Linux password when prompted.
 ssh-copy-id linux03

Most modern systems start a key agent automatically. Of course Windows doesn't. First you have to make all Windows processes look for the agent in the same place. You do this by setting a Windows environment variable. To do this, type the following from a Cygwin or Windows terminal/console:

 setx SSH_AUTH_SOCK ~/.ssh/ssh-agent-sockset

The path must resolve to a local NTFS file system, e.g., not a host directory mounted from a VM.

Next edit your ~/.bashrc and add the following lines:

  if [[ $- == *i* ]]; then  # interactive shells only
      # Start the ssh-agent if no ssh-agent process is running yet
      if ! ps -W | grep -q ssh-agent; then
          ssh-agent -a "$SSH_AUTH_SOCK" && ssh-add ~/.ssh/id_rsa
      fi
  fi

The above causes the Cygwin terminal to check whether the key agent is running each time you launch the terminal; if it is not running, the key agent is started and prompts you for the passphrase you entered above. Once you have done this you will not have to enter the passphrase again until you log out of your Windows machine.

Note: My experience is that the above was not sufficient for the Windows Cygwin shell. Edit the .bashrc and, after the lines:

  # If not running interactively, don't do anything
  [[ "$-" != *i* ]] && return

add the following:

  setx SSH_AUTH_SOCK ~/.ssh/ssh-agent-sockset
  # Start the agent only if no ssh-agent process is running
  if ! ps -W | grep -q ssh-agent; then
    echo SSH BEGIN:
    rm -f "$SSH_AUTH_SOCK"          # remove a stale socket left by a previous session
    ssh-agent -a "$SSH_AUTH_SOCK" && ssh-add ~/.ssh/id_rsa
    echo SSH END.
  fi

RDR

If you are so inclined, you could move the key-agent starting code to a script that is only run at Windows startup. Instructions for doing this are TBD.
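A sturdier version of the agent-start logic from the .bashrc snippets above, added here as an example (it is not the wiki's own snippet): instead of grepping `ps -W` for an ssh-agent process, it asks the agent itself through `ssh-add -l`, whose exit status distinguishes "agent reachable with keys" (0), "agent reachable but empty" (1) and "no agent reachable on $SSH_AUTH_SOCK" (2), and it removes a stale socket file before binding a new agent to the same path. It assumes SSH_AUTH_SOCK is already set (as the setx step above arranges) and that the key is ~/.ssh/id_rsa; the function names are my own.

```shell
#!/usr/bin/env bash
# Added example (not from the DDC-I wiki): .bashrc helper for the Cygwin
# ssh-agent setup described above. Assumes SSH_AUTH_SOCK is already set
# (e.g. via setx) and that the key is ~/.ssh/id_rsa; both are assumptions.

# agent_action STATUS
# Map the exit status of `ssh-add -l` to the action .bashrc should take:
#   0 -> agent reachable and holding at least one identity
#   1 -> agent reachable but empty
#   2 (or anything else, e.g. 127 when ssh-add is missing) -> no usable agent
agent_action() {
    case $1 in
        0) printf 'keys-loaded\n' ;;
        1) printf 'add-key\n' ;;
        *) printf 'start-agent\n' ;;
    esac
}

# socket_is_stale SOCKET_PATH STATUS
# A socket file that exists while ssh-add cannot reach an agent is a leftover
# from an earlier Windows session; it must go before `ssh-agent -a` can bind
# the same path again.
socket_is_stale() {
    [ -S "$1" ] && [ "$(agent_action "$2")" = start-agent ]
}

# ensure_agent [KEY_FILE]
# Idempotent: safe to call from every interactive shell.
ensure_agent() {
    key=${1:-$HOME/.ssh/id_rsa}
    ssh-add -l >/dev/null 2>&1
    status=$?
    case $(agent_action "$status") in
        keys-loaded)
            return 0 ;;
        add-key)
            ssh-add "$key" ;;
        start-agent)
            if socket_is_stale "$SSH_AUTH_SOCK" "$status"; then
                rm -f "$SSH_AUTH_SOCK"
            fi
            # -a binds the agent to the shared socket path. The environment
            # lines ssh-agent prints are not needed: SSH_AUTH_SOCK is already
            # exported system-wide by setx.
            ssh-agent -a "$SSH_AUTH_SOCK" >/dev/null && ssh-add "$key" ;;
    esac
}

# Usage from ~/.bashrc: interactive shells only, and only when the pieces exist.
case $- in
    *i*)
        if [ -n "$SSH_AUTH_SOCK" ] && command -v ssh-add >/dev/null 2>&1; then
            ensure_agent
        fi ;;
esac
```

Because the probe talks to the socket rather than scanning the process list, it also catches the case where an ssh-agent process exists but is listening on a different path than the one in SSH_AUTH_SOCK, which a `ps | grep` check would wrongly report as healthy.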

Test Your Work

At this point, you should be able to log into the Deos FTP server via:

 [MattBookPro:~]$ ssh deosftp
 Last login: Thu Mar 27 11:14:59 2014 from mattbookpro.ddci.com ssh deosftp
 -bash-3.2$

Debugging Hints

If you are having difficulty with the above, you may find the following helpful to debug problems.

When you use ssh/rsync and the port shows up as 22 even though you have a .ssh/config file, check the /etc/passwd file to make sure that your home directory is set correctly. Your home directory is the path in the second-to-last colon-separated field:

 grep alarson /etc/passwd
 alarson:unused:1017:513:alarson,U-ALARSONLAP\alarson,S-1-5-bla-bla-bla:/home/alarson:/bin/bash

In the above, "/home/alarson" is the home directory. Note you can use /cygdrive/c paths as well if you put your home directory outside of a Cygwin root.
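To see what the ~/.ssh/config from the "Create an SSH config file" section will actually do for an alias, and which home directory a passwd line gives a user, here is an added example (not from the wiki) that applies the two rules described above: OpenSSH keeps the first value it sees for a keyword, walking Host blocks whose patterns may contain * and ?, and the home directory is the second-to-last colon-separated field. The config and passwd content are constructed samples modelled on this page; the parser is deliberately small (no Match, Include or "!" negation) and the function names are my own. Against a real client, `ssh -G <alias>` prints the effective configuration and is the authoritative check.

```shell
#!/usr/bin/env bash
# Added example (not from the DDC-I wiki). Inputs below are constructed
# samples, not real files.

# ssh_config_get FILE HOST KEYWORD
# Print the first value of KEYWORD that applies to HOST (first match wins).
# Options before any Host line apply to every host. Returns 1 when nothing
# applies, in which case ssh falls back to its default (e.g. Port 22).
ssh_config_get() {
    local file=$1 host=$2 want line kw val pat active=1
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    set -f                                   # keep *.ddci.com from globbing files
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}            # drop leading whitespace
        case $line in ''|'#'*) continue ;; esac          # blank or comment line
        kw=$(printf '%s' "${line%%[[:space:]]*}" | tr '[:upper:]' '[:lower:]')
        val=${line#*[[:space:]]}
        val=${val#"${val%%[![:space:]]*}"}               # trim value both sides
        val=${val%"${val##*[![:space:]]}"}
        if [ "$kw" = host ]; then
            active=0                                     # new block: re-evaluate
            for pat in $val; do
                case $host in $pat) active=1 ;; esac
            done
        elif [ "$active" = 1 ] && [ "$kw" = "$want" ]; then
            set +f
            printf '%s\n' "$val"
            return 0
        fi
    done < "$file"
    set +f
    return 1
}

# passwd_home FILE USER
# Print USER's home directory: the second-to-last colon-separated field.
passwd_home() {
    awk -F: -v u="$2" '$1 == u { print $(NF-1); exit }' "$1"
}

# --- constructed sample inputs -------------------------------------------
SAMPLE_CFG=$(mktemp); SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_CFG" "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# Used for making releases.
Host deosftp deos-ftp
  HostName deos.ddci.com
  Port 47734
  User deosftp
  IdentityFile ~/.ssh/id_rsa

Host deos linux03 linux04 *.ddci.com
  Port 47734
  User yourServerUsername
  IdentityFile ~/.ssh/id_rsa
EOF
cat > "$SAMPLE_PASSWD" <<'EOF'
alarson:unused:1017:513:alarson,U-ALARSONLAP\alarson,S-1-5-bla-bla-bla:/home/alarson:/bin/bash
EOF

# report ALIAS -- show the port and user an alias resolves to
report() {
    local port user
    port=$(ssh_config_get "$SAMPLE_CFG" "$1" Port) || port="22 (default: no Host block matched)"
    user=$(ssh_config_get "$SAMPLE_CFG" "$1" User) || user="(local username)"
    printf '%-16s port=%s user=%s\n' "$1" "$port" "$user"
}
report deosftp
report deos-ftp
report build.ddci.com      # matched by the *.ddci.com pattern
report example.org         # falls through to ssh defaults
printf 'home(alarson)=%s\n' "$(passwd_home "$SAMPLE_PASSWD" alarson)"
```

The sample config leaves out Protocol 2 on purpose: current OpenSSH releases dropped protocol 1 and treat the keyword as deprecated. If a real alias resolves to port 22 here but to 47734 in `ssh -G`, or vice versa, the client is reading a config file from a different home directory than you expect, which is exactly the /etc/passwd problem described above.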

According to the Cygwin FAQ, the following should work also:

 mkpasswd -l >/etc/passwd

Some online documentation indicates the above honors the HOME environment variable, so if you set that first you should have joy. If someone confirms this, please remove the weasel words above.

I did not want to remove any wording because what I did worked for me, but that does not necessarily mean what is written does not work. I did not have success with the -l option. When I used "mkpasswd -l > /etc/passwd" the output did not have my username in it. I had success with the -c option.

 mkpasswd -c >/etc/passwd

With the -c option I noticed two things. First, my username was included. Second, the "/home..." included the "/cygdrive/c" path.

 mlandreth:unused:13613:11130:U-DDCI\mlandreth,S-1-5-21-590545762-1655215906-4055926742-3613:/cygdrive/c/home/mlandreth_deos_maint:bin/bash

In previous attempts I had difficulties that seemed to be related to resolving the home path. I may have had other issues that were the root cause of my problem so I just wanted to convey what I did without deleting the previous guidance in case what I did is helpful.

SSH Info

The Google is a great source for learning about ssh and public/private key logins.