# Azamat H. Hackimov , 2010. msgid "" msgstr "" "Project-Id-Version: \n" "POT-Creation-Date: 2011-01-21 01:40+0500\n" "PO-Revision-Date: 2010-02-09 01:02+0500\n" "Last-Translator: Azamat H. Hackimov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" "X-Generator: Lokalize 1.0\n" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):6 msgid "Gentoo Linux Keychain Guide" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(author:title):8 msgid "Author" msgstr "автор" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(mail:link):9 msgid "eric.brown@dnbrown.net" msgstr "eric.brown@dnbrown.net" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(mail):9 msgid "Eric Brown" msgstr "Eric Brown" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(author:title):11 #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(author:title):14 msgid "Editor" msgstr "редактор" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(mail:link):12 msgid "vanquirius@gentoo.org" msgstr "vanquirius@gentoo.org" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(mail):12 msgid "Marcelo Góes" msgstr "Marcelo Góes" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(mail:link):15 msgid "nightmorph" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(abstract):18 msgid "" "This document describes how to use ssh shared keys along with the keychain " "program. It assumes basic knowledge of public key cryptography." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(version):27 msgid "2" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(date):28 #, fuzzy msgid "2010-12-16" msgstr "2009-10-08" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):31 msgid "Background" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):33 msgid "The problem at hand" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):36 msgid "" "So you have all of these lovely Gentoo machines running sshd, but " "it's a little inconvenient for you to keep typing in all of those login " "passwords, right? Or maybe you have a script or cron-job that needs a " "convenient way to use an ssh connection. Either way, there is a solution to " "this problem, and it begins with public key authentication." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):47 msgid "How does public key authentication work?" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):50 msgid "" "Assume we have a client that wants to connect to sshd on a server. The " "client first generates a key pair and gives the public key to the server. " "Afterwards, whenever the client attempts to connect, the server sends a " "challenge that is encrypted with that public key. Only the holder of the " "corresponding private key (the client) is able to decrypt it, so as you " "might have guessed, the correct response leads to successful authentication." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):63 msgid "How to use public key authentication" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):65 msgid "Generating your key pair" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):68 msgid "" "The first step is to create your key pair. To do this, we will use the " "ssh-keygen command as follows:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):73 msgid "Generating the key pair" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):73 #, no-wrap msgid "" "\n" "$ ssh-keygen -t dsa\n" "(Just accept the default values, and make sure to enter a strong passphrase)\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(warn):78 msgid "" "Be sure to choose a strong passphrase, especially if this key is used for " "root logons!" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):83 msgid "" "You should now have a private key in ~/.ssh/id_dsa and a public " "key in ~/.ssh/id_dsa.pub. We are ready to copy the public key " "over to the remote host." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):92 msgid "Preparing the server" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):95 msgid "" "We will be copying the ~/.ssh/id_dsa.pub file over to the " "server that runs sshd. We will also be adding it to the ~/.ssh/" "authorized_keys file that belongs the connecting user on that server. " "Here's an example of how to do that if you already have ssh access to the " "server." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):103 msgid "Copying the public key to the server" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):103 #, no-wrap msgid "" "\n" "$ scp ~/.ssh/id_dsa.pub server_user@server:~/myhost.pub\n" "$ ssh server_user@server \"cat ~/myhost.pub >> ~/.ssh/authorized_keys\"\n" "$ ssh server_user@server \"cat ~/.ssh/authorized_keys\"\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):109 msgid "" "The output from that last line should show you the contents of the ~/." "ssh/authorized_keys file. Make sure it looks correct." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):117 msgid "Testing the setup" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):120 msgid "" "Theoretically, if all went well, and the ssh daemon on the server allows it, " "we should be able to get ssh access without a password on the server now. We " "will still need to decrypt the private key on the client with the passphrase " "we used before, but this should not be confused with the passphrase of the " "user account on the server." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):128 msgid "Testing the keys" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):128 #, no-wrap msgid "" "\n" "$ ssh server_user@server\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):132 msgid "" "Hopefully, it asked you for your passphrase for id_dsa, and you were able to " "gain ssh access as server_user on the server. If not, login as server_user, " "and verify the contents of ~/.ssh/authorized_keys to make sure " "each entry is on a single line. You might also want to check the sshd " "configuration to make sure that it prefers to use public key authorization " "when available." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):140 msgid "" "At this point, you're probably thinking, \"What's the point, I just replaced " "one password with another?!\" Relax, the next section will show you exactly " "how we can use this to save your precious time." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):150 msgid "Making public key authentication convenient" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):152 msgid "Typical key management with ssh-agent" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):155 msgid "" "If you've been following along, you're probably thinking that it would be " "great if we could somehow decrypt our private key(s) once, and gain the " "ability to ssh freely, without any passwords. You are in luck, that is " "exactly what the program ssh-agent is for." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):162 msgid "" "The program ssh-agent is usually started at the beginning of your X " "session, or from a shell startup script like ~/.bash_profile. " "It works by creating a unix-socket, and registering the appropriate " "environment variables so that all subsequent applications can take advantage " "of it's services by connecting to that socket. Clearly, it only makes sense " "to start it in the parent process of your X session if you want to use the " "set of decrypted private keys in all subsequent X applications." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):172 msgid "Preparing ssh-agent" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):172 #, no-wrap msgid "" "\n" "$ ssh-agent\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(note):176 msgid "" "This ssh-agent will keep keys decrypted until you kill ssh-agent. If you " "want to set a lifetime for the keys, use the -t argument as described in " "man ssh-agent." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):182 msgid "" "When you run ssh-agent, it should tell you the PID of the running ssh-agent, " "and also set a few environment variables, namely SSH_AUTH_SOCK and " "SSH_AGENT_PID. It should also automatically add ~/.ssh/id_dsa to it's collection and ask you for the corresponding passphrase. If " "you have other private keys you want to add to the running ssh-agent, you " "can use the ssh-add command as follows:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):191 msgid "Adding more keys to ssh-agent" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):191 #, no-wrap msgid "" "\n" "$ ssh-add somekeyfile\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):195 msgid "" "Now for the magic. Since you should now have your decrypted private key " "ready, you should be able to ssh into the server without entering any " "passwords." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):200 msgid "Ssh without passwords" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):200 #, no-wrap msgid "" "\n" "$ ssh server\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):204 msgid "" "It would be nice to know how to shut down ssh-agent in case you need to, " "right?" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):208 msgid "Shutting down ssh-agent" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):208 #, no-wrap msgid "" "\n" "$ ssh-agent -k\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(note):212 msgid "" "If you had problems getting ssh-agent to work, it might still be running. " "You can kill it like any other process by running killall ssh-agent." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):217 msgid "" "If you want even more convenience from ssh-agent, proceed to the next " "section on using keychain. Be sure to kill the running ssh-agent as in the " "example above if you decide to do so." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):226 msgid "Squeezing the last drop of convenience out of ssh-agent" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):229 msgid "" "Keychain will allow you to reuse an ssh-agent between logins, and optionally " "prompt for passphrases each time the user logs in. Before we get ahead of " "ourselves though, let's emerge it first." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):235 msgid "Installing keychain" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):235 #, no-wrap msgid "" "\n" "# emerge keychain\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):239 msgid "" "Assuming that was successful, we can now use keychain freely. Add the " "following to your ~/.bash_profile to enable it:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):244 msgid "Enabling keychain in .bash_profile" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):244 #, no-wrap msgid "" "\n" "keychain ~/.ssh/id_dsa\n" ". ~/.keychain/$HOSTNAME-sh\n" ". ~/.keychain/$HOSTNAME-sh-gpg\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(note):250 msgid "" "You can add more private keys to the command line as you desire. Also, if " "you want it to ask for passphrases each time you spawn a shell, add the --" "clear option." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(note):256 msgid "" "If you are not using bash, check the EXAMPLES section of man " "keychain for examples of use in other shells. The idea is to get those " "commands to run each time you use a shell." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):262 msgid "" "Let's test it. First make sure we killed the ssh-agent from the previous " "section, then start up a new shell, usually by just logging in, or spawning " "a new terminal. It should prompt you for the password for each key you " "specified on the command line. All shells opened after that point should " "reuse the ssh-agent, allowing you to make passwordless ssh connections over " "and over." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):273 msgid "Using keychain with KDE" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):276 msgid "" "If you are a KDE user, instead of using ~/.bash_profile, you " "can let KDE manage ssh-agent for you. In order to do so, you will have to " "edit /etc/kde/agent-startup.sh, which is read during KDE's " "startup, and /etc/kde/shutdown/agent-shutdown.sh, which is " "executed during KDE's shutdown. Here is how you could edit those files:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):284 msgid "Editing /etc/kde/agent-startup.sh" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):284 #, no-wrap msgid "" "\n" "if [ -x /usr/bin/ssh-agent ]; then\n" " eval \"$(/usr/bin/ssh-agent -s)\"\n" "fi\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):290 msgid "Editing /etc/kde/shutdown/agent-shutdown.sh" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):290 #, no-wrap msgid "" "\n" "if [ -n \"${SSH_AGENT_PID}\" ]; then\n" " eval \"$(ssh-agent -k)\"\n" "fi\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):296 msgid "" "Now, all you have to do is launch a term of your choice, like Konsole, and " "load the keys you would like to use. For example:" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre:caption):301 msgid "Loading ssh key" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(pre):301 #, no-wrap msgid "" "\n" "$ keychain ~/.ssh/id_dsa\n" "(Enter your key password)\n" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):306 msgid "" "Your keys will be remembered until you end your KDE session or kill the ssh-" "agent manually." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):316 msgid "Concluding remarks" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):318 msgid "Security considerations" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):321 msgid "" "Of course, the use of ssh-agent may add a bit of insecurity to your system. " "If another user were to use your shell while you were in the bathroom, he " "could login to all of your servers without passwords. As a result, it is a " "risk to the servers you are connecting to, and you should be sure to consult " "the local security policy. If you do use it, be sure to take the appropriate " "measures to ensure the security of your sessions." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(title):333 msgid "Troubleshooting" msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(p):336 msgid "" "Most of this should work pretty well, but if you encounter problems, you'll " "certainly want to know a few useful things." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(li):342 msgid "" "If you are unable to connect without ssh-agent, consider using ssh with the " "arguments -vvv to find out what's happening. Sometimes the server is not " "configured to use public key authentication, sometimes it is configured to " "ask for local passwords anyway! If that is the case, you may want to also " "use the -o option with ssh, or change the server sshd_config." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(li):349 msgid "" "If you are having problems with ssh-agent or keychain, it may be that you " "are not using a shell that understands the commands they use. Consult the " "man pages for ssh-agent and keychain for details on working with other " "shells." msgstr "" #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(li):355 msgid "" "You may also want to visit the keychain homepage for more usage tips." msgstr "" #. Place here names of translator, one per line. Format should be NAME; ROLE; E-MAIL #: ../../gentoo/xml/htdocs/doc/en//keychain-guide.xml(None):0 msgid "translator-credits" msgstr ""