Ssh: Difference between revisions

From Tildeverse Wiki
(displaytitle)
(Updating SSH section to add Mac instructions and reformat)
Line 5: Line 5:


RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.
RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.
Below you'll find instructions to generate either type (or both if you want).


Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)
Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)


== Generating your keypair ==
== Linux ==


=== Linux ===
=== Generating your keypair ===
Make sure you have a <code>~/.ssh</code> directory (the -m 700 ensures it has the correct file permissions)
<code>mkdir -m 700 ~/.ssh</code>
Create your keys
<code>ssh-keygen -t ed25519 -a 100</code>
If you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
<code>cat ~/.ssh/id_ed25519.pub</code>
Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.
 
==== Using your keypair ====
<code>ssh</code> to your tilde
<code>ssh username@your.tilde</code>


# make sure you have a <code>~/.ssh</code> directory
== Mac ==


<code>mkdir -m 700 ~/.ssh</code>
=== Generating your keypair ===


# create your keys
* Open terminal (it’s in <code>/Applications/Utilities</code>)
* Make sure you have a <code>~/.ssh</code> directory (the -m 700 ensures it has the correct file permissions)


<code>mkdir -m 700 ~/.ssh</code>
Create your keys
  <code>ssh-keygen -t ed25519 -a 100</code>
  <code>ssh-keygen -t ed25519 -a 100</code>
 
If you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
# if you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
<code>cat ~/.ssh/id_ed25519.pub</code>
# <code>cat ~/.ssh/id_ed25519.pub</code>
Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.
# copy the output of the last command and paste it in the sshkey field on the signup form


==== Using your keypair ====
==== Using your keypair ====
 
<code>ssh</code> to your tilde:
# open a terminal (this depends on your distro)
# <code>ssh</code> to your tilde:
 
  <code>ssh username@your.tilde</code>
  <code>ssh username@your.tilde</code>
[[Category:Guides]]
[[Category:Guides]]

Revision as of 13:26, 2 October 2022

The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

SSH supports a handful of types of cryptographic keys. The most used are RSA and the more modern ed25519.

RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.

Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)

Linux

Generating your keypair

Make sure you have a ~/.ssh directory (the -m 700 ensures it has the correct file permissions)

mkdir -m 700 ~/.ssh

Create your keys

ssh-keygen -t ed25519 -a 100

If you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

cat ~/.ssh/id_ed25519.pub

Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.

Using your keypair

ssh to your tilde

ssh username@your.tilde

Mac

Generating your keypair

  • Open terminal (it’s in /Applications/Utilities)
  • Make sure you have a ~/.ssh directory (the -m 700 ensures it has the correct file permissions)
mkdir -m 700 ~/.ssh

Create your keys

ssh-keygen -t ed25519 -a 100

If you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

cat ~/.ssh/id_ed25519.pub

Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.

Using your keypair

ssh to your tilde:

ssh username@your.tilde