X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=web%2Fmanual.m4;h=46a2cd62f58e4c25eada652b10a855a60be60f1e;hb=5a07a1e3f287b74faf2b6cee18c84096ebcdee59;hp=ea5ebeb7ac2cfb701fd0b4b676f525b7fbc5c74f;hpb=e01b2ffa28b6770cd8771860e1e05b9c75beabd9;p=paraslash.git diff --git a/web/manual.m4 b/web/manual.m4 index ea5ebeb7..46a2cd62 100644 --- a/web/manual.m4 +++ b/web/manual.m4 @@ -315,7 +315,7 @@ following commands: user=bar target=~/.paraslash/server.users - key=~/.paraslash/key.pub.$user + key=~/.paraslash/id_rsa.pub.$user perms=AFS_READ,AFS_WRITE,VSS_READ,VSS_WRITE mkdir -p ~/.paraslash echo "user $user $key $perms" >> $target @@ -323,20 +323,25 @@ following commands: Next, change to the "bar" account on client_host and generate the key pair with the commands - key=~/.paraslash/key.$LOGNAME - mkdir -p ~/.paraslash - (umask 077 && openssl genrsa -out $key 2048) + ssh-keygen -t rsa -b 2048 + # hit enter twice to create a key with no passphrase -para_server only needs to know the public key of the key pair just -created. It can be extracted with +This generates the two files id_rsa and id_rsa.pub in ~/.ssh. Note +that paraslash can also read keys generated by the "openssl genrsa" +command. However, since keys created with ssh-keygen can also be used +for ssh, this method is recommended. - pubkey=~/.paraslash/key.pub.$LOGNAME - openssl rsa -in $key -pubout -out $pubkey +Note that para_server refuses to use a key if it is shorter than 2048 +bits. In particular, the RSA keys of paraslash 0.3.x will not work +with version 0.4.x. Moreover, para_client refuses to use a (private) +key which is world-readable. -Copy the public key just created to server_host (you may skip this step -for a single-user setup, i.e. if foo=bar and server_host=client_host): +para_server only needs to know the public key of the key pair just +created. Copy this public key to server_host: - scp $pubkey foo@server_host:.paraslash/ + src=~/.ssh/id_rsa.pub + dest=.paraslash/id_rsa.pub.$LOGNAME + scp $src foo@server_host:$dest Finally, tell para_client to connect to server_host: @@ -568,19 +573,6 @@ execute. The output of contains in the third column the permissions needed to execute the command. -A new RSA key can be created with - - openssl genrsa -out 2048 - -and the public part may be extracted with - - openssl rsa -in -pubout -out - -Note that para_server refuses to use a key if it is shorter than 2048 -bits. In particular, the RSA keys of paraslash 0.3.x will not work -with version 0.4.x. Moreover, para_client refuses to use a (private) -key which is world-readable. - It is possible to make para_server reread the user_list file by executing the paraslash "hup" command or by sending SIGHUP to the PID of para_server.