Add SSH wiki page
- Finally fix broken link to this on sign up page
- Checked once by me (I think) twice by spider, should be alright :P
- Referenced from team and club guides.
parent 8851ad3fa0
commit b27cae389b
|
@ -0,0 +1,269 @@
|
|||
# ssh
|
||||
|
||||
_or, how to tell other computers to do cool things_
|
||||
|
||||
---
|
||||
|
||||
> all users are required to use an ssh keypair for login, or will be required
|
||||
to proceed with manual account recovery with [~spider](/~spider/) or another admin.
|
||||
drop a line to [sudoers@tilde.cafe](mailto:sudoers@tilde.cafe) or hop on
|
||||
[irc](https://kiwi.tilde.chat/#cafe) for assistance.
|
||||
|
||||
## overview
|
||||
|
||||
port 22 is available for ssh.
|
||||
|
||||
<!-- the primary ip has 80 and 443 in use by nginx. -->
|
||||
|
||||
<!-- use ssh.tilde.cafe to reach the secondary ip and use 80 and 443 for ssh. -->
|
||||
|
||||
<!-- so, for example, you can do: -->
|
||||
|
||||
<!-- ``` -->
|
||||
<!-- ssh -p 443 user@ssh.tilde.cafe -->
|
||||
<!-- ssh user@tilde.cafe # this uses port 22, which can be blocked on some networks -->
|
||||
<!-- ``` -->
|
||||
|
||||
when your account is approved, you will get an email. to login enter this in the terminal:
|
||||
|
||||
```
|
||||
ssh username@tilde.cafe
|
||||
```
|
||||
|
||||
tilde.cafe's ssh key fingerprints for your verification:
|
||||
|
||||
| Name | Fingerprint |
|
||||
|---------|--------------|
|
||||
| ECDSA | `SHA256:BTjzIhz+gkmJNVrN7/WOWLqDnnoAzSwDBrw9+QCZdl0` |
|
||||
| ED25519 | `SHA256:SbNFbk0qeIio4Aveaf29KNYPkEXmeCE38bXZpAWHI0Y` |
|
||||
| RSA | `SHA256:W0gZf+knAxjfkzppjm93hVzbqk+ZzkO4U56+09HJ3ks` |
|
||||
|
||||
the key fingerprints are in dns as sshfp records as well, which you can check
|
||||
against by setting `VerifyHostKeyDNS` to `yes` in your `~/.ssh/config`.
|
||||
|
||||
you can check the records yourself with the `dig` tool like this:
|
||||
|
||||
dig sshfp tilde.cafe
|
||||
|
||||
---
|
||||
|
||||
## intro
|
||||
|
||||
**if you just want to get right to a tutorial you can [skip over this
|
||||
background info](#how-to-make-an-ssh-key)**
|
||||
|
||||
while [tilde.cafe](https://tilde.cafe) is accessible on the web and features
|
||||
lovely web pages written by its users, most interaction with tilde.cafe takes
|
||||
place **inside the machine** that runs tilde.cafe as opposed to via web forms
|
||||
that have an effect from **outside** tilde.cafe's computer.
|
||||
|
||||
this is what sets tilde.cafe apart from most other online communities. you
|
||||
connect directly to another computer from yours alongside other people and then
|
||||
write your web pages, chat, and play games all via text-based interfaces right
|
||||
on tilde.cafe's computer.
|
||||
|
||||
prior to the web (which debuted in 1995) this is how pretty much all computer
|
||||
stuff got done. you connected directly to a machine (usually over a direct,
|
||||
physical phone line) and did your work there.
|
||||
|
||||
for a long time, people used a tool called
|
||||
[`telnet`](https://en.wikipedia.org/wiki/telnet) to connect to other computers.
|
||||
these days we use a tool called **ssh**.
|
||||
|
||||
`ssh` is a text-based tool that provides a direct connection from your computer
|
||||
to another. ssh is an acronym that stands for secure shell. the _shell_ part
|
||||
refers to the fact that it's a text-based tool; we use the word shell to refer
|
||||
to a text-based interface that you give commands to. the _secure_ part refers
|
||||
to the fact that, when you're using ssh, no one can spy on your connection to
|
||||
another computer (unlike the old `telnet` command).
|
||||
|
||||
**why bother with all of this?** passwords are really insecure and hard to manage.
|
||||
using keys makes life easier for you, fair user (your account is less likely to
|
||||
be hacked) and for me, your humble sysadmin (less administration than passwords).
|
||||
|
||||
---
|
||||
|
||||
## how to make an ssh key
|
||||
|
||||
SSH supports a handful of types of cryptographic keys. The most used are [RSA](
|
||||
<https://en.wikipedia.org/wiki/RSA_(cryptosystem)>) and the more modern [Ed25519](
|
||||
https://en.wikipedia.org/wiki/EdDSA#Ed25519).
|
||||
|
||||
RSA is the de-facto standard and is supported everywhere (just choose a big
|
||||
enough key like 4096 bits to be secure). Ed25519 is designed to be faster and
|
||||
smaller withouth sacrificing security, so is best suited for embedded devices
|
||||
or machines with low resources. It's supported on tilde (and really on any
|
||||
modern system) but you may find older systems which do not support it.
|
||||
|
||||
Below you'll find instructions to generate either type (or both if you want).
|
||||
|
||||
Keep in mind that these instructions leave your private keys unencrypted in
|
||||
your local hard disk. So keep them private; never share them. A good solution
|
||||
is to provide a password for them at creation time, but this implies entering
|
||||
a password any time you used them (impractical) or use something like [ssh-agent](
|
||||
https://man.openbsd.org/ssh-agent.1) (a bit more complex)
|
||||
|
||||
We don't have documentation for this
|
||||
[(yet)](https://tildegit.org/cafe/site/src/branch/main/wiki) so either go with
|
||||
no password keys, or ask on IRC ([#cafe](https://web.tilde.chat/?join=cafe))
|
||||
for help.
|
||||
|
||||
pick your fighter: [[mac](#mac)] | [[windows](#windows)] | [[linux](#linux)]
|
||||
|
||||
---
|
||||
|
||||
### mac
|
||||
|
||||
#### generating your keypair
|
||||
|
||||
1. open terminal (it's in `/Applications/Utilities`, or press `command space`,
|
||||
type Terminal and press enter)
|
||||
|
||||
1. create your .ssh directory:
|
||||
|
||||
```bash
|
||||
mkdir -m 700 ~/.ssh
|
||||
```
|
||||
|
||||
1. create your keys:
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -a 100
|
||||
```
|
||||
|
||||
1. if you press enter to accept the defaults, your public and private key will
|
||||
be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively
|
||||
|
||||
1. `cat ~/.ssh/id_ed25519.pub`
|
||||
|
||||
1. copy the output of the last command and paste it in the sshkey field on the
|
||||
signup form (or email it to [the admins](mailto:sudoers@tilde.cafe) if you
|
||||
already have an account)
|
||||
|
||||
#### using your keypair
|
||||
|
||||
once [~spider](https://tilde.cafe/~spider/) or another admin approves your
|
||||
signup, you can join tilde.cafe
|
||||
|
||||
1. open terminal (it's in `/Applications/Utilities`)
|
||||
|
||||
1. `ssh` to tilde.cafe:
|
||||
|
||||
```bash
|
||||
ssh username@tilde.cafe
|
||||
```
|
||||
|
||||
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
|
||||
|
||||
---
|
||||
|
||||
### windows
|
||||
|
||||
<!-- TODO: Tutorial for openssh like tilde.team has? -->
|
||||
<!-- if you're on windows 10 1809 or later then it has openssh built in, so you no longer need to install -->
|
||||
<!-- third-party tools. if openssh is not enabled, please see microsoft's -->
|
||||
<!-- documentation on [openssh in -->
|
||||
<!-- windows](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview). -->
|
||||
|
||||
There are many options for using ssh on windows. If you are on windows 10 1809
|
||||
or later then it has openssh built in. Please check out [microsoft's
|
||||
documentation on
|
||||
openssh](https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_overview).
|
||||
|
||||
If you're on legacy windows or you don't want to use openssh, then continue reading below.
|
||||
|
||||
#### generating your keypair
|
||||
|
||||
pick any of the following options and follow their installation process. If
|
||||
you'd like to use a full Linux terminal environment then pick WSL. If you just
|
||||
want a bash shell with great git support, pick Git Bash:
|
||||
|
||||
* [Windows Subsystem for Linux](https://docs.microsoft.com/en-us/windows/wsl/install-win10/)
|
||||
* [msys2](https://www.msys2.org)
|
||||
* [Git Bash](https://git-scm.com)
|
||||
|
||||
1. after setting up the terminal from any of the above installation process, open your terminal
|
||||
|
||||
1. create your .ssh directory
|
||||
|
||||
```bash
|
||||
mkdir .ssh
|
||||
```
|
||||
|
||||
1. create your keypair
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -a 100
|
||||
```
|
||||
|
||||
1. if you press enter to accept the defaults, your public and private key will
|
||||
be located at `~\.ssh\id_ed25519.pub` and `~\.ssh\id_ed25519` respectively.
|
||||
|
||||
1. `cat ~\.ssh\id_ed25519.pub`
|
||||
|
||||
1. copy the output of the last command and paste it in the sshkey field on the signup form
|
||||
|
||||
#### using your keypair
|
||||
|
||||
once [~spider](https://tilde.cafe/~spider/) or another admin approves your
|
||||
signup, you can join the tilde.cafe
|
||||
|
||||
1. open your terminal which you've setup from the previous steps
|
||||
|
||||
1. `ssh` to tilde.cafe:
|
||||
|
||||
```bash
|
||||
ssh username@tilde.cafe
|
||||
```
|
||||
|
||||
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
|
||||
|
||||
---
|
||||
|
||||
### linux
|
||||
|
||||
there are a lot of linux distros, but `ssh` and `ssh-keygen` should be available
|
||||
in almost all cases. if they're not, look up how to install ssh for your distro.
|
||||
|
||||
#### generating your keypair
|
||||
|
||||
1. open your terminal
|
||||
|
||||
1. make sure you have a `~/.ssh` directory
|
||||
|
||||
```bash
|
||||
mkdir -m 700 ~/.ssh
|
||||
```
|
||||
|
||||
1. create your keys
|
||||
|
||||
```bash
|
||||
ssh-keygen -t ed25519 -a 100
|
||||
```
|
||||
|
||||
1. if you press enter to accept the defaults, your public and private key will
|
||||
be located at `~/.ssh/id_ed25519.pub` and `~/.ssh/id_ed25519` respectively
|
||||
|
||||
1. `cat ~/.ssh/id_ed25519.pub`
|
||||
|
||||
1. copy the output of the last command and paste it in the sshkey field on the signup form
|
||||
|
||||
#### using your keypair
|
||||
|
||||
once [~spider](https://tilde.cafe/~spider/) or another admin approves your signup, you can join the tilde.cafe
|
||||
|
||||
1. open your terminal
|
||||
|
||||
1. `ssh` to tilde.cafe:
|
||||
|
||||
```bash
|
||||
ssh username@tilde.cafe
|
||||
```
|
||||
|
||||
where username is your username (~hedy would use `ssh hedy@tilde.cafe`)
|
||||
|
||||
---
|
||||
|
||||
this tutorial is based on and uses parts of [the tilde.club ssh
|
||||
primer](https://tilde.club/wiki/ssh.html) and [the tilde.team ssh
|
||||
guide](https://tilde.team/wiki/ssh).
|
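Review bot: the windows "generating your keypair" steps will not work as written in the shells they recommend. WSL, msys2 and Git Bash are all bash environments, where the backslashes in `cat ~\.ssh\id_ed25519.pub` are escape characters, so the path never resolves to the key file. The same section creates the directory with `mkdir .ssh`, dropping both the `~/` and the `-m 700` that the mac and linux sections use. Suggest `mkdir -m 700 ~/.ssh` and forward-slash paths (`~/.ssh/id_ed25519.pub`) there, matching the other two sections. Separately, the "how to make an ssh key" intro promises instructions for "either type (or both if you want)", but every section only gives `ssh-keygen -t ed25519 -a 100`; either add the RSA command or drop the promise. The `-a 100` option sets KDF rounds for a passphrase-protected key, so it does nothing for the no-password keys the text steers readers toward. It would help to say that `ssh-keygen` prompts for a passphrase and that the "unencrypted" caveat applies only when that prompt is left empty. The windows steps also omit the "email it to the admins if you already have an account" alternative that the mac section has. Smaller points: "withouth" is a typo, the RSA and Ed25519 links break the line right after `(`, which may not render as links, and the page points to two different IRC web clients (`kiwi.tilde.chat/#cafe` and `web.tilde.chat/?join=cafe`).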