Ssh: Difference between revisions

From Tildeverse Wiki
(Add article about ssh and created category guides)
 
(added a title to the section on connecting to tildes)
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:ssh}}
The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.


Line 5: Line 6:
RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.
RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.


Below you'll find instructions to generate either type (or both if you want).
Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)
 
= Instructions for connecting to Tildes =
 
== Linux ==


Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)
=== Generating your keypair ===
Make sure you have a <code>~/.ssh</code> directory (the -m 700 ensures it has the correct file permissions)
<code>mkdir -m 700 ~/.ssh</code>
Create your keys
<code>ssh-keygen -t ed25519 -a 100</code>
If you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
<code>cat ~/.ssh/id_ed25519.pub</code>
Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.
 
=== Using your keypair ===
<code>ssh</code> to your tilde
<code>ssh username@your.tilde</code>


== Generating your keypair ==
== Mac ==


=== Linux ===
=== Generating your keypair ===


# make sure you have a <code>~/.ssh</code> directory
* Open terminal (it’s in <code>/Applications/Utilities</code>)
* Make sure you have a <code>~/.ssh</code> directory (the -m 700 ensures it has the correct file permissions)


  <code>mkdir -m 700 ~/.ssh</code>
  <code>mkdir -m 700 ~/.ssh</code>
Create your keys
<code>ssh-keygen -t ed25519 -a 100</code>
If you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
<code>cat ~/.ssh/id_ed25519.pub</code>
Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.
=== Using your keypair ===
<code>ssh</code> to your tilde:
<code>ssh username@your.tilde</code>
== Windows ==


# create your keys
==== Ensure OpenSSH is installed ====


* Open Settings, select Apps, then select Optional Features
* Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then...
* Find OpenSSH Client, then select Install
=== Generating your keypair ===
You only need to generate your keypair one time. You will provide the public key to the tilde service you want to use and you will keep your private key a secret known only to yourself. It is a good idea to backup these keys somewhere safe, perhaps a USB stick, so you don't lose them.
To begin generating your keys, open your command prompt (Start -> Search -> type "cmd"). Then run the following command.
  <code>ssh-keygen -t ed25519 -a 100</code>
  <code>ssh-keygen -t ed25519 -a 100</code>
If you press enter to accept the defaults, your public and private key will be located at <code>%USERPROFILE%\.ssh\id_ed25519.pub</code> and <code>%USERPROFILE%\.ssh\id_ed25519</code> respectively.


# if you press enter to accept the defaults, your public and private key will be located at <code>~/.ssh/id_ed25519.pub</code> and <code>~/.ssh/id_ed25519</code> respectively
''Note: %USERPROFILE% is a short code that the computer expands to mean c:\users\your_name\, or whatever the relevant path is to your user's main folder.''
# <code>cat ~/.ssh/id_ed25519.pub</code>
# copy the output of the last command and paste it in the sshkey field on the signup form
 
==== Using your keypair ====


# open a terminal (this depends on your distro)
Next we will open up the public key so we can copy its contents.
# <code>ssh</code> to your tilde:
<code>notepad %USERPROFILE%\.ssh\id_ed25519.pub</code>
Copy the text of the pubkey that opens in Notepad and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.


=== Using your keypair ===
<code>ssh</code> to your tilde:
  <code>ssh username@your.tilde</code>
  <code>ssh username@your.tilde</code>
''Note: If you generated your key to the location above (%USERPROFILE%\ssh\...) then you will be able to SSH to your tilde server without having to specify the location of the key. That folder is the default used by SSH and it will be found automatically. If you generated your keys in a different location or moved them, you will need to specify the full path to the '''private''' key.''
<code>ssh -i c:\path\to\my\private\key username@your.tilde</code>
[[Category:Guides]]
[[Category:Guides]]

Latest revision as of 14:25, 2 October 2022

The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

SSH supports a handful of types of cryptographic keys. The most used are RSA and the more modern ed25519.

RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.

Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)

Instructions for connecting to Tildes

Linux

Generating your keypair

Make sure you have a ~/.ssh directory (the -m 700 ensures it has the correct file permissions)

mkdir -m 700 ~/.ssh

Create your keys

ssh-keygen -t ed25519 -a 100

If you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

cat ~/.ssh/id_ed25519.pub

Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.

Using your keypair

ssh to your tilde

ssh username@your.tilde

Mac

Generating your keypair

  • Open terminal (it’s in /Applications/Utilities)
  • Make sure you have a ~/.ssh directory (the -m 700 ensures it has the correct file permissions)
mkdir -m 700 ~/.ssh

Create your keys

ssh-keygen -t ed25519 -a 100

If you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

cat ~/.ssh/id_ed25519.pub

Copy the output of the last command and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.

Using your keypair

ssh to your tilde:

ssh username@your.tilde

Windows

Ensure OpenSSH is installed

  • Open Settings, select Apps, then select Optional Features
  • Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then...
  • Find OpenSSH Client, then select Install

Generating your keypair

You only need to generate your keypair one time. You will provide the public key to the tilde service you want to use and you will keep your private key a secret known only to yourself. It is a good idea to backup these keys somewhere safe, perhaps a USB stick, so you don't lose them.

To begin generating your keys, open your command prompt (Start -> Search -> type "cmd"). Then run the following command.

ssh-keygen -t ed25519 -a 100

If you press enter to accept the defaults, your public and private key will be located at %USERPROFILE%\.ssh\id_ed25519.pub and %USERPROFILE%\.ssh\id_ed25519 respectively.

Note: %USERPROFILE% is a short code that the computer expands to mean c:\users\your_name\, or whatever the relevant path is to your user's main folder.

Next we will open up the public key so we can copy its contents.

notepad %USERPROFILE%\.ssh\id_ed25519.pub

Copy the text of the pubkey that opens in Notepad and paste it in the sshkey field on the signup form or email it to the relevant sign-up address for the tilde you are joining.

Using your keypair

ssh to your tilde:

ssh username@your.tilde

Note: If you generated your key to the location above (%USERPROFILE%\ssh\...) then you will be able to SSH to your tilde server without having to specify the location of the key. That folder is the default used by SSH and it will be found automatically. If you generated your keys in a different location or moved them, you will need to specify the full path to the private key.

ssh -i c:\path\to\my\private\key username@your.tilde