diff --git a/docs/ssh.md b/docs/ssh.md new file mode 100644 index 0000000..dba8930 --- /dev/null +++ b/docs/ssh.md @@ -0,0 +1,29 @@ +[http://tilde.club](tilde.club) uses `ssh` public-key authentication. + +If you want access to [tilde.club](http://tilde.club), create a new key pair with an encrypted key and send the **public** key to the admins. + +##Mac + +1. Open **Terminal** (in /Applications/Utilities). +1. In the **Terminal** window, paste the following: +
+mkdir -p ~/.ssh                 # Create your .ssh directory
+ssh-keygen -f ~/.ssh/tilde.club # Create your keys
+
+1. The `ssh-keygen` program will generate two new keys (private and public), and prompt you for a password. Please set a good password (at least 9 characters, and not just letters or numbers). Make a note of it somewhere safe. +1. `open ~/.ssh # Open your .ssh directory` +1. Email ford@ (our friendly host) and attach `tilde.club.pub` to the email (it should be visible in the Finder. **Do not** attach `tilde.club` -- that is your *private* key, which you should never share. + +##Linux + +If you're on Linux you can use the same commands to generate a `tilde.club` keypair, but attaching `tilde.club.pub` is left as an exercise for the reader. + +##Windows + +We need instructions for using `PuTTYgen` to create a key in OpenSSH compatible format. + +##Why? + +`ssh` keys are more secure than classic UNIX passwords. Someone who takes over the server (`sshd` program) can capture the UNIX passwords of everyone who uses them to login -- [this has happened](http://www.apache.org/info/20010519-hack.html). + +Additionally, if you use an `ssh` agent, you can login without entering a password every time. On OS X the Apple Keychain provides this functionality. On Linux it's `ssh-agent` and possibly [keychain](http://www.funtoo.org/Keychain). On Windows `pageant` provides this capability for [PuTTY](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). diff --git a/server.org b/server.org index 9fb5300..7203cfe 100644 --- a/server.org +++ b/server.org @@ -1,5 +1,5 @@ #+TITLE: Server Configuration - +[1;3B * Base machine - A standard unix server - yum install perl-Net-SSLeay 
@@ -45,3 +45,21 @@ - USENET: [???] +======= +- Webmin (people complain but webmin is great) + Net:SSLeay (see below) + +* Add these repos +- sudo yum update +- sudo yum install httpd +- sudo yum install emacs +- sudo yum install tmux +- sudo yum install talk-server +- sudo yum install htop +- sudo yum install elinks lynx +- sudo yum install figlet +- sudo yum install ImageMagick +- sudo yum --enablerepo=epel install -y mosh +- sudo yum install mailman +- sudo yum install ScrollZ +- sudo yum install libnet-ssleay-perl (so that webmin uses HTTPS rather than HTTP) +>>>>>>> 72a7b45bdbeadda390d5a6a2284c5bc03856dd9c
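Review bot: In the new docs/ssh.md, the two command lines under step 2 of the Mac section (`mkdir -p ~/.ssh ...` and `ssh-keygen -f ~/.ssh/tilde.club ...`) are neither indented nor fenced, so Markdown folds them into one paragraph. Anyone copying the rendered text gets a single line in which the first `#` comments out the `ssh-keygen` call. Indent them as a code block under the list item, which also keeps the `1.` numbering from restarting. In the same file: the first link has its text and target swapped (`[http://tilde.club](tilde.club)`), the `##Mac`-style headings need a space after `##`, and the parenthesis opened at "(it should be visible in the Finder." is never closed. What `ssh-keygen` prompts for is a passphrase protecting the private key, so "password" is worth rewording, given that the Why? section contrasts keys with UNIX passwords.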
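Review bot: The first server.org hunk (`@@ -1,5 +1,5 @@`) replaces the blank line after `#+TITLE: Server Configuration` with `[1;3B`, which looks like a stray terminal escape sequence typed into the buffer. Restore the blank line.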
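Review bot: The second server.org hunk (`@@ -45,3 +45,21 @@`) commits merge-conflict markers: `=======` right after the USENET line and `>>>>>>> 72a7b45bdbeadda390d5a6a2284c5bc03856dd9c` at the end. Resolve the conflict and drop both lines. Also, the last item installs `libnet-ssleay-perl` through yum, while the Base machine section at the top of the file uses `yum install perl-Net-SSLeay`. Keep one package name, write the module as `Net::SSLeay` rather than `Net:SSLeay`, and retitle `* Add these repos`, since the list is package installs rather than repositories.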