2021-11-12 08:17:37 +00:00

# ssh

_or, how to tell other computers to do cool things_

---

> all users are required to use an ssh keypair for login, or will be required
> to proceed with manual account recovery with [~spider](/~spider/) or another admin.
> drop a line to [sudoers@tilde.cafe](mailto:sudoers@tilde.cafe) or hop on
> [irc](https://kiwi.tilde.chat/#cafe) for assistance.

## overview

port 22 is available for ssh.

<!-- the primary ip has 80 and 443 in use by nginx. -->
<!-- use ssh.tilde.cafe to reach the secondary ip and use 80 and 443 for ssh. -->
<!-- so, for example, you can do: -->
<!-- ``` -->
<!-- ssh -p 443 user@ssh.tilde.cafe -->
<!-- ssh user@tilde.cafe # this uses port 22, which can be blocked on some networks -->
<!-- ``` -->

when your account is approved, you will get an email. to login enter this in the terminal:

```
ssh username@tilde.cafe
```

tilde.cafe's ssh key fingerprints for your verification:

| Name    | Fingerprint                                          |
|---------|------------------------------------------------------|
| ECDSA   | `SHA256:BTjzIhz+gkmJNVrN7/WOWLqDnnoAzSwDBrw9+QCZdl0` |
| ED25519 | `SHA256:SbNFbk0qeIio4Aveaf29KNYPkEXmeCE38bXZpAWHI0Y` |
| RSA     | `SHA256:W0gZf+knAxjfkzppjm93hVzbqk+ZzkO4U56+09HJ3ks` |

the key fingerprints are in dns as sshfp records as well, which you can check
against by setting `VerifyHostKeyDNS` to `yes` in your `~/.ssh/config`.

you can check the records yourself with the `dig` tool like this:

```
dig sshfp tilde.cafe
```
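
the `SHA256:` fingerprints in the table and the sshfp records that `dig` prints are the same SHA-256 digest of the host key, written as base64 by ssh and as hex in dns. this added example (not part of the original tutorial; the helper names are made up and the sample input is constructed) converts one notation to the other and compares them. keep in mind that `VerifyHostKeyDNS yes` only trusts records that arrive DNSSEC-validated; otherwise ssh still asks you to confirm the fingerprint.

```sh
# added example; the helper names are made up and not part of tilde.cafe's tooling.

# turn an OpenSSH "SHA256:<base64>" fingerprint into the lowercase hex digest
# carried by an SSHFP record with hash type 2 (SHA-256).
fp_to_sshfp_hex() {
    b64=${1#SHA256:}
    # ssh prints the base64 without "=" padding; restore it before decoding
    case $(( ${#b64} % 4 )) in
        2) b64="$b64==" ;;
        3) b64="$b64=" ;;
    esac
    printf '%s' "$b64" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# usage: dig +short sshfp tilde.cafe | sshfp_matches ALGO FINGERPRINT
# ALGO is the SSHFP key type: 1 = RSA, 3 = ECDSA, 4 = ED25519.
# returns 0 on a match, 1 on no match, 2 if FINGERPRINT is malformed.
sshfp_matches() {
    want=$(fp_to_sshfp_hex "$2")
    [ "${#want}" -eq 64 ] || return 2   # a SHA-256 digest is 32 bytes
    while read -r algo hashtype digest; do
        [ "$algo" = "$1" ] && [ "$hashtype" = 2 ] || continue
        # dig prints upper-case hex and may split it into chunks
        got=$(printf '%s' "$digest" | tr -d ' ' | tr 'A-F' 'a-f')
        [ "$got" = "$want" ] && return 0
    done
    return 1
}

# constructed sample (not real dns output): an all-zero digest in both notations
zeros=$(printf '%032d' 0)
sample_fp="SHA256:$(head -c 32 /dev/zero | base64 | tr -d '=')"
sample_dig="4 1 ${zeros}00000000
4 2 $zeros $zeros"

if printf '%s\n' "$sample_dig" | sshfp_matches 4 "$sample_fp"; then
    echo "sshfp record matches the fingerprint"
else
    echo "no matching sshfp record"
fi
```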

---

## intro

**if you just want to get right to a tutorial you can [skip over this
background info](#how-to-make-an-ssh-key)**

while [tilde.cafe](https://tilde.cafe) is accessible on the web and features
lovely web pages written by its users, most interaction with tilde.cafe takes
place **inside the machine** that runs tilde.cafe as opposed to via web forms
that have an effect from **outside** tilde.cafe's computer.

this is what sets tilde.cafe apart from most other online communities. you
connect directly to another computer from yours alongside other people and then
write your web pages, chat, and play games all via text-based interfaces right
on tilde.cafe's computer.

prior to the web (which debuted in 1995) this is how pretty much all computer
stuff got done. you connected directly to a machine (usually over a direct,
physical phone line) and did your work there.

for a long time, people used a tool called
[`telnet`](https://en.wikipedia.org/wiki/telnet) to connect to other computers.
these days we use a tool called **ssh**.

`ssh` is a text-based tool that provides a direct connection from your computer
to another. ssh is an acronym that stands for secure shell. the _shell_ part
refers to the fact that it's a text-based tool; we use the word shell to refer
to a text-based interface that you give commands to. the _secure_ part refers
to the fact that, when you're using ssh, no one can spy on your connection to
another computer (unlike the old `telnet` command).

**why bother with all of this?** passwords are really insecure and hard to manage.
using keys makes life easier for you, fair user (your account is less likely to
be hacked) and for me, your humble sysadmin (less administration than passwords).

---

## how to make an ssh key

SSH supports a handful of types of cryptographic keys. The most used are
[RSA](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) and the more modern
[Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519).

RSA is the de-facto standard and is supported everywhere (just choose a big
enough key like 4096 bits to be secure). Ed25519 is designed to be faster and
smaller without sacrificing security, so is best suited for embedded devices
or machines with low resources. It's supported on tilde (and really on any
modern system) but you may find older systems which do not support it.

Below you'll find instructions to generate either type (or both if you want).

Keep in mind that these instructions leave your private keys unencrypted on
your local hard disk. So keep them private; never share them. A good solution
is to provide a password for them at creation time, but this implies entering
a password any time you use them (impractical) or using something like
[ssh-agent](https://man.openbsd.org/ssh-agent.1) (a bit more complex).

We don't have documentation for this ([yet](https://tildegit.org/cafe/wiki)) so
either go with no password keys, or ask on IRC
([#cafe](https://web.tilde.chat/?join=cafe)) for help.

pick your fighter: [ [mac](#mac) | [windows](#windows) | [linux](#linux) ]

---

### mac

#### generating your keypair

1. open terminal (it's in `/Applications/Utilities`, or press `command space`,
   type Terminal and press enter)

1. create your .ssh directory:

   ```
   mkdir -m 700 ~/.ssh
   ```

1. create your keys:

   ```
   ssh-keygen -t ed25519 -a 100
   ```

1. if you press enter to accept the defaults, your public and private key will
   be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively

1. `cat ~/.ssh/id_ed25519.pub`

1. copy the output of the last command and paste it in the sshkey field on the
   signup form (or email it to [the admins](mailto:sudoers@tilde.cafe) if you
   already have an account)

#### using your keypair

once [~spider](https://tilde.cafe/~spider/) or another admin approves your
signup, you can join tilde.cafe

1. open terminal (it's in `/Applications/Utilities`)

1. `ssh` to tilde.cafe:

   ```
   ssh username@tilde.cafe
   ```

   where username is your username (~hedy would use `ssh hedy@tilde.cafe`)

---

### windows

<!-- TODO: Tutorial for openssh like tilde.team has? -->
<!-- if you're on windows 10 1809 or later then it has openssh built in, so you no longer need to install -->
<!-- third-party tools. if openssh is not enabled, please see microsoft's -->
<!-- documentation on [openssh in -->
<!-- windows](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview). -->

There are many options for using ssh on windows. If you are on windows 10 1809
or later then it has openssh built in. Please check out [microsoft's
documentation on
openssh](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview).

If you're on legacy windows or you don't want to use openssh, then continue reading below.

#### generating your keypair

pick any of the following options and follow their installation process. If
you'd like to use a full Linux terminal environment then pick WSL. If you just
want a bash shell with great git support, pick Git Bash:

* [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10/)
* [msys2](https://www.msys2.org)
* [Git Bash](https://git-scm.com)

1. after setting up the terminal from any of the above installation processes,
   open your terminal

1. create your .ssh directory

   ```
   mkdir ~/.ssh
   ```

1. create your keypair

   ```
   ssh-keygen -t ed25519 -a 100
   ```

1. if you press enter to accept the defaults, your public and private key will
   be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively.

1. `cat ~/.ssh/id_ed25519.pub`

1. copy the output of the last command and paste it in the sshkey field on the
   signup form

#### using your keypair

once [~spider](https://tilde.cafe/~spider/) or another admin approves your
signup, you can join tilde.cafe

1. open your terminal which you've set up from the previous steps

1. `ssh` to tilde.cafe:

   ```
   ssh username@tilde.cafe
   ```

   where username is your username (~hedy would use `ssh hedy@tilde.cafe`)

---

### linux

there are a lot of linux distros, but `ssh` and `ssh-keygen` should be available
in almost all cases. if they're not, look up how to install ssh for your distro.

#### generating your keypair

1. open your terminal

1. make sure you have a `~/.ssh` directory

   ```
   mkdir -m 700 ~/.ssh
   ```

1. create your keys

   ```
   ssh-keygen -t ed25519 -a 100
   ```

1. if you press enter to accept the defaults, your public and private key will
   be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively

1. `cat ~/.ssh/id_ed25519.pub`

1. copy the output of the last command and paste it in the sshkey field on the
   signup form

#### using your keypair

once [~spider](https://tilde.cafe/~spider/) or another admin approves your
signup, you can join tilde.cafe

1. open your terminal

1. `ssh` to tilde.cafe:

   ```
   ssh username@tilde.cafe
   ```

   where username is your username (~hedy would use `ssh hedy@tilde.cafe`)

---

this tutorial is based on and uses parts of [the tilde.club ssh
primer](https://tilde.club/wiki/ssh.html) and [the tilde.team ssh
guide](https://tilde.team/wiki/ssh).