From 712930046c7c1196fee517337a7d9ae986213da5 Mon Sep 17 00:00:00 2001 From: Languages add-on Date: Feb 20 2024 17:11:26 +0000 Subject: Added translation using Weblate (Czech) Co-authored-by: Languages add-on --- diff --git a/po/cs/master/pages/authentication.po b/po/cs/master/pages/authentication.po new file mode 100644 index 0000000..a4bd322 --- /dev/null +++ b/po/cs/master/pages/authentication.po @@ -0,0 +1,441 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# Languages add-on , 2024. +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2024-02-08 22:18+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Title = +#: ./pages/authentication.adoc:1 +#, no-wrap +msgid "Configuring Users" +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:3 +#, no-wrap +msgid "Default User" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:6 +msgid "" +"By default, a privileged user named `core` is created on the Fedora CoreOS " +"system, but it is not configured with a default password or SSH key. If you " +"wish to use the `core` user, you must provide an Ignition config which " +"includes a password and/or SSH key(s) for the `core` user. Alternatively you " +"may create additional, new users via Ignition configs." +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:8 +msgid "" +"If you do not want to use Ignition to manage the default user's SSH key(s), " +"you can make use of the " +"https://coreos.github.io/afterburn/platforms/[Afterburn support] and provide " +"an SSH key via your cloud provider." +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:9 +#, no-wrap +msgid "Creating a New User" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:12 +msgid "" +"To create a new user (or users), add it to the `users` list of your Butane " +"config. In the following example, the config creates two new usernames, but " +"doesn't configure them to be especially useful." +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:21 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" users:\n" +" - name: jlebon\n" +" - name: miabbott\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:24 +msgid "" +"You will typically want to configure SSH keys or a password, in order to be " +"able to log in as those users." +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:25 +#, no-wrap +msgid "Using an SSH Key" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:28 +msgid "To configure an SSH key for a local user, you can use a Butane config:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:45 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...\n" +" - name: jlebon\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...\n" +" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW...\n" +" - name: miabbott\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R...\n" +msgstr "" + +#. type: Title === +#: ./pages/authentication.adoc:47 +#, no-wrap +msgid "Using File References to SSH Keys" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:52 +msgid "" +"Depending on the configuration variant and version you use, you can use " +"local file references to SSH public keys instead of inlining them. The " +"example from the xref:#_using_an_ssh_key[previous section] can thus be " +"rewritten as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:69 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys_local:\n" +" - users/core/id_rsa.pub\n" +" - name: jlebon\n" +" ssh_authorized_keys_local:\n" +" - users/jlebon/id_rsa.pub\n" +" - users/jlebon/id_ed25519.pub\n" +" - name: miabbott\n" +" ssh_authorized_keys_local:\n" +" - users/miabbott/id_rsa.pub\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:72 +msgid "" +"You have to use `butane` with the `--files-dir` parameter to allow loading " +"files from disk when converting to Ignition configurations for this to work." +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:76 +msgid "" +"Check the https://coreos.github.io/butane/specs/[Configuration " +"specifications] for more details and which versions of your selected variant " +"support it. Generally, each file may contain multiple SSH keys, one per " +"line, and you may additionally specify inline `ssh_authorized_keys` as well " +"as long as the SSH keys are unique." +msgstr "" + +#. type: Title === +#: ./pages/authentication.adoc:77 +#, no-wrap +msgid "SSH Key Locations" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:84 +msgid "" +"https://man.openbsd.org/sshd_config[sshd] uses a " +"https://github.com/coreos/ssh-key-dir[helper program], specified via the " +"`AuthorizedKeysCommand` directive, to read public keys from files in a " +"user's `~/.ssh/authorized_keys.d` directory. The `AuthorizedKeysCommand` is " +"tried after the usual `AuthorizedKeysFile` files (defaulting to " +"`~/.ssh/authorized_keys`) and will not be executed if a matching key is " +"found there. Key files in `~/.ssh/authorized_keys.d` are read in " +"alphabetical order, ignoring dotfiles." +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:86 +msgid "" +"Ignition writes configured SSH keys to " +"`~/.ssh/authorized_keys.d/ignition`. On platforms where SSH keys can be " +"configured at the platform level, such as AWS, Afterburn writes those keys " +"to `~/.ssh/authorized_keys.d/afterburn`." +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:88 +msgid "" +"To debug the reading of `~/.ssh/authorized_keys.d`, manually run the helper " +"program and inspect its output:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:92 +#, no-wrap +msgid "/usr/libexec/ssh-key-dir\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:95 +msgid "" +"To view and validate the effective configuration for sshd, two test modes " +"(`-t`, `-T`) are available as documented on the " +"https://man.openbsd.org/sshd[manual pages]." +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:96 +#, no-wrap +msgid "Using Password Authentication" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:99 +msgid "" +"Fedora CoreOS ships with no default passwords. You can use a Butane config " +"to set a password for a local user. Building on the previous example, we can " +"configure the `password_hash` for one or more users:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:117 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...\n" +" - name: jlebon\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...\n" +" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW...\n" +" - name: miabbott\n" +" password_hash: $y$j9T$aUmgEDoFIDPhGxEe2FUjc/$C5A...\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R...\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:120 +msgid "" +"To generate a secure password hash, use `mkpasswd` from the `whois` " +"package. Your Linux distro may ship a different `mkpasswd` implementation; " +"you can ensure you're using the correct one by running it from a container:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:126 +#, no-wrap +msgid "" +"$ podman run -ti --rm quay.io/coreos/mkpasswd --method=yescrypt\n" +"Password:\n" +"$y$j9T$A0Y3wwVOKP69S.1K/zYGN.$S596l11UGH3XjN...\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:129 +msgid "" +"The `yescrypt` hashing method is recommended for new passwords. For more " +"details on hashing methods, see `man 5 crypt`." +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:131 +msgid "" +"The configured password will be accepted for local authentication at the " +"console. By default, Fedora CoreOS does not allow " +"<<_enabling_ssh_password_authentication,password authentication via SSH>>." +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:132 +#, no-wrap +msgid "Configuring Groups" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:135 +msgid "" +"Fedora CoreOS comes with a few groups configured by default: `root`, `adm`, " +"`wheel`, `sudo`, `systemd-journal`, `docker`" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:137 +msgid "" +"When configuring users via Butane configs, we can specify groups that the " +"user(s) should be a part of." +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:160 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...\n" +" - name: jlebon\n" +" groups:\n" +" - wheel\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...\n" +" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW...\n" +" - name: miabbott\n" +" groups:\n" +" - docker\n" +" - wheel\n" +" password_hash: $y$j9T$aUmgEDoFIDPhGxEe2FUjc/$C5A...\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R...\n" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:163 +msgid "" +"If a group does not exist, users should create them as part of the Butane " +"config." +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:192 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" groups:\n" +" - name: engineering\n" +" - name: marketing\n" +" gid: 9000\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...\n" +" - name: jlebon\n" +" groups:\n" +" - engineering\n" +" - wheel\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...\n" +" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW...\n" +" - name: miabbott\n" +" groups:\n" +" - docker\n" +" - marketing\n" +" - wheel\n" +" password_hash: $y$j9T$aUmgEDoFIDPhGxEe2FUjc/$C5A...\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R...\n" +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:194 +#, no-wrap +msgid "Configuring Administrative Privileges" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:197 +msgid "" +"The easiest way for users to be granted administrative privileges is to have " +"them added to the `sudo` and `wheel` groups as part of the Butane config." +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:228 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"passwd:\n" +" groups:\n" +" - name: engineering\n" +" - name: marketing\n" +" gid: 9000\n" +" users:\n" +" - name: core\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHn2eh...\n" +" - name: jlebon\n" +" groups:\n" +" - engineering\n" +" - wheel\n" +" - sudo\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDC5QFS...\n" +" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIveEaMRW...\n" +" - name: miabbott\n" +" groups:\n" +" - docker\n" +" - marketing\n" +" - wheel\n" +" - sudo\n" +" password_hash: $y$j9T$aUmgEDoFIDPhGxEe2FUjc/$C5A...\n" +" ssh_authorized_keys:\n" +" - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTey7R...\n" +msgstr "" + +#. type: Title == +#: ./pages/authentication.adoc:230 +#, no-wrap +msgid "Enabling SSH Password Authentication" +msgstr "" + +#. type: Plain text +#: ./pages/authentication.adoc:233 +msgid "" +"To enable password authentication via SSH, add the following to your Butane " +"config:" +msgstr "" + +#. type: delimited block - +#: ./pages/authentication.adoc:248 +#, no-wrap +msgid "" +"variant: fcos\n" +"version: {butane-latest-stable-spec}\n" +"storage:\n" +" files:\n" +" - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf\n" +" mode: 0644\n" +" contents:\n" +" inline: |\n" +" # Fedora CoreOS disables SSH password login by default.\n" +" # Enable it.\n" +" # This file must sort before 40-disable-passwords.conf.\n" +" PasswordAuthentication yes\n" +msgstr ""