cafe
/
wiki
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add SSH wiki page 

- Finally fix broken link to this on sign up page
- Checked once by me (I think) twice by spider, should be alright :P
- Referenced from team and club guides.
This commit is contained in:
Hedy Li 2021-11-12 16:17:37 +08:00
parent 8851ad3fa0
commit b27cae389b
Signed by: hedy
GPG Key ID: B51B5A8D1B176372
1 changed files with 269 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

269
ssh.md Normal file
View File

@ -0,0 +1,269 @@
# ssh
_or, how to tell other computers to do cool things_
---
> all users are required to use an ssh keypair for login, or will be required
to proceed with manual account recovery with [~spider](/~spider/) or another admin.
drop a line to [sudoers@tilde.cafe](mailto:sudoers@tilde.cafe) or hop on
[irc](https://kiwi.tilde.chat/#cafe) for assistance.
## overview
port 22 is available for ssh.
<!-- the primary ip has 80 and 443 in use by nginx. -->
<!-- use ssh.tilde.cafe to reach the secondary ip and use 80 and 443 for ssh. -->
<!-- so, for example, you can do: -->
<!-- ``` -->
<!-- ssh -p 443 user@ssh.tilde.cafe -->
<!-- ssh user@tilde.cafe # this uses port 22, which can be blocked on some networks -->
<!-- ``` -->
when your account is approved, you will get an email. to login enter this in the terminal:
```
ssh username@tilde.cafe
```
tilde.cafe's ssh key fingerprints for your verification:
| Name | Fingerprint |
|---------|--------------|
| ECDSA | `SHA256:BTjzIhz+gkmJNVrN7/WOWLqDnnoAzSwDBrw9+QCZdl0` |
| ED25519 | `SHA256:SbNFbk0qeIio4Aveaf29KNYPkEXmeCE38bXZpAWHI0Y` |
| RSA | `SHA256:W0gZf+knAxjfkzppjm93hVzbqk+ZzkO4U56+09HJ3ks` |
the key fingerprints are in dns as sshfp records as well, which you can check
against by setting `VerifyHostKeyDNS` to `yes` in your `~/.ssh/config`.
you can check the records yourself with the `dig` tool like this:
dig sshfp tilde.cafe
---
## intro
**if you just want to get right to a tutorial you can [skip over this
background info](#how-to-make-an-ssh-key)**
while [tilde.cafe](https://tilde.cafe) is accessible on the web and features
lovely web pages written by its users, most interaction with tilde.cafe takes
place **inside the machine** that runs tilde.cafe as opposed to via web forms
that have an effect from **outside** tilde.cafe's computer.
this is what sets tilde.cafe apart from most other online communities. you
connect directly to another computer from yours alongside other people and then
write your web pages, chat, and play games all via text-based interfaces right
on tilde.cafe's computer.
prior to the web (which debuted in 1995) this is how pretty much all computer
stuff got done. you connected directly to a machine (usually over a direct,
physical phone line) and did your work there.
for a long time, people used a tool called
[`telnet`](https://en.wikipedia.org/wiki/telnet) to connect to other computers.
these days we use a tool called **ssh**.
`ssh` is a text-based tool that provides a direct connection from your computer
to another. ssh is an acronym that stands for secure shell. the _shell_ part
refers to the fact that it's a text-based tool; we use the word shell to refer
to a text-based interface that you give commands to. the _secure_ part refers
to the fact that, when you're using ssh, no one can spy on your connection to
another computer (unlike the old `telnet` command).
**why bother with all of this?** passwords are really insecure and hard to manage.
using keys makes life easier for you, fair user (your account is less likely to
be hacked) and for me, your humble sysadmin (less administration than passwords).
---
## how to make an ssh key
SSH supports a handful of types of cryptographic keys. The most used are [RSA](
<https://en.wikipedia.org/wiki/RSA_(cryptosystem)>) and the more modern [Ed25519](
https://en.wikipedia.org/wiki/EdDSA#Ed25519).
RSA is the de-facto standard and is supported everywhere (just choose a big
enough key like 4096 bits to be secure). Ed25519 is designed to be faster and
smaller withouth sacrificing security, so is best suited for embedded devices
or machines with low resources. It's supported on tilde (and really on any
modern system) but you may find older systems which do not support it.
Below you'll find instructions to generate either type (or both if you want).
Keep in mind that these instructions leave your private keys unencrypted in
your local hard disk. So keep them private; never share them. A good solution
is to provide a password for them at creation time, but this implies entering
a password any time you used them (impractical) or use something like [ssh-agent](
https://man.openbsd.org/ssh-agent.1) (a bit more complex)
We don't have documentation for this
[(yet)](https://tildegit.org/cafe/site/src/branch/main/wiki) so either go with
no password keys, or ask on IRC ([#cafe](https://web.tilde.chat/?join=cafe))
for help.
pick your fighter: [[mac](#mac)] | [[windows](#windows)] | [[linux](#linux)]
---
### mac
#### generating your keypair
1. open terminal (it's in `/Applications/Utilities`, or press `command space`,
type Terminal and press enter)
1. create your .ssh directory:
```bash
mkdir -m 700 ~/.ssh
```
1. create your keys:
```bash
ssh-keygen -t ed25519 -a 100
```
1. if you press enter to accept the defaults, your public and private key will
be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively
1. `cat ~/.ssh/id_ed25519.pub`
1. copy the output of the last command and paste it in the sshkey field on the
signup form (or email it to [the admins](mailto:sudoers@tilde.cafe) if you
already have an account)
#### using your keypair
once [~spider](https://tilde.cafe/~spider/) or another admin approves your
signup, you can join tilde.cafe
1. open terminal (it's in `/Applications/Utilities`)
1. `ssh` to tilde.cafe:
```bash
ssh username@tilde.cafe
```
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
---
### windows
<!-- TODO: Tutorial for openssh like tilde.team has? -->
<!-- if you're on windows 10 1809 or later then it has openssh built in, so you no longer need to install -->
<!-- third-party tools. if openssh is not enabled, please see microsoft's -->
<!-- documentation on [openssh in -->
<!-- windows](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview). -->
There are many options for using ssh on windows. If you are on windows 10 1809
or later then it has openssh built in. Please check out [microsoft's
documentation on
openssh](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview).
If you're on legacy windows or you don't want to use openssh, then continue reading below.
#### generating your keypair
pick any of the following options and follow their installation process. If
you'd like to use a full Linux terminal environment then pick WSL. If you just
want a bash shell with great git support, pick Git Bash:
* [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10/)
* [msys2](https://www.msys2.org)
* [Git Bash](https://git-scm.com)
1. after setting up the terminal from any of the above installation process, open your terminal
1. create your .ssh directory
```bash
mkdir .ssh
```
1. create your keypair
```bash
ssh-keygen -t ed25519 -a 100
```
1. if you press enter to accept the defaults, your public and private key will
be located at `~\.ssh\id_ed25519.pub` and `~\.ssh\id_ed25519` respectively.
1. `cat ~\.ssh\id_ed25519.pub`
1. copy the output of the last command and paste it in the sshkey field on the signup form
#### using your keypair
once [~spider](https://tilde.cafe/~spider/) or another admin approves your
signup, you can join the tilde.cafe
1. open your terminal which you've setup from the previous steps
1. `ssh` to tilde.cafe:
```bash
ssh username@tilde.cafe
```
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
---
### linux
there are a lot of linux distros, but `ssh` and `ssh-keygen` should be available
in almost all cases. if they're not, look up how to install ssh for your distro.
#### generating your keypair
1. open your terminal
1. make sure you have a `~/.ssh` directory
```bash
mkdir -m 700 ~/.ssh
```
1. create your keys
```bash
ssh-keygen -t ed25519 -a 100
```
1. if you press enter to accept the defaults, your public and private key will
be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively
1. `cat ~/.ssh/id_ed25519.pub`
1. copy the output of the last command and paste it in the sshkey field on the signup form
#### using your keypair
once [~spider](https://tilde.cafe/~spider/) or another admin approves your signup, you can join the tilde.cafe
1. open your terminal
1. `ssh` to tilde.cafe:
```bash
ssh username@tilde.cafe
```
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
---
this tutorial is based on and uses parts of [the tilde.club ssh
primer](https://tilde.club/wiki/ssh.html) and [the tilde.team ssh
guide](https://tilde.team/wiki/ssh).