External folks: like most of the current changes, this won't yet affect
you directly. When we move the gate off-SWAN, we intend for the ssh parts
of the integration process to "just work."
Flag day: starting on Tuesday, August 5, if you plan to integrate changes
to the ON gate, you must first have a public ssh key on file with
OpenSolaris.
As previously mentioned, the Mercurial ON gate will be write-only via ssh
to a shared account. That account is "onhg," so your push command will
look like this:
hg push ssh://onhg at onnv.sfbay.sun.com//export/onnv-gate
I'll send more details on how to push your changes in a separate note.
In order for this to succeed, the shared "onhg" account must have your
public ssh key on file.
I hate to shout, but: YOU ARE PERSONALLY RESPONSIBLE FOR ANY ACTIONS
TAKEN USING YOUR SSH KEY PAIR. Please be responsible: do not use an empty
passphrase, and do not share your passphrase. Not all home directories
are kerberized, or I would also add "do not share your private key."
1. If you don't already have an account on opensolaris.org, go to the
opensolaris.org registration page [1] and get one.
2. If you already have an ssh key on opensolaris.org, then you're all
set. We will be periodically updating our authorized key list with the
public keys from OpenSolaris.
3. If you do not have a key setup on opensolaris.org, you will need to
create one. To generate an ssh key pair, follow the instructions on
the OpenSolaris SSH key help page [2].
4. If you use multiple ssh keys for different tasks, then you might also
need to specify an identity file in your ~/.ssh/config file:
HostName onnv.sfbay
IdentityFile ~/.ssh/id_dsa
where "id_dsa" would be the filename containing the private key that
corresponds to the public key that you registered on OpenSolaris.
Questions to gatekeeper at onnv.eng.sun.com.
--Mark
[1] https://www.opensolaris.org/register.jspa
[2] http://opensolaris.org/os/project/website/ssh_instructions/
