💾 Archived View for rawtext.club › ~samhunter › ssh.gmi captured on 2022-04-29 at 11:37:04. Gemini links have been rewritten to link to archived content
$ rm -rf ~/.ssh
If you *did* already use an SSH key -- why don't you just use your current key for RTC? You might want to skip to Step 3 now...
$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "${USER}@${HOSTNAME}"
You can replace "${USER}@${HOSTNAME}" with anything, but yourname@yoursystem is a reasonable choice.
Quoting https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54
-o: Save the private-key using the new OpenSSH format rather than the PEM format. Actually, this option is implied when you specify the key type as ed25519.
-a: It’s the number of KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private-key be stolen.
-t: Specifies the type of key to create, in our case the Ed25519.
-f: Specify the filename of the generated key file. If you want it to be discovered automatically by the SSH agent, it must be stored in the default `.ssh` directory within your home directory.
-C: An option to specify a comment. It’s purely informational and can be anything. But it’s usually filled with <login>@<hostname> who generated the key.
Open your fresh ~/.ssh/id_ed25519.pub file in an editor of your choice.
Your public key looks like this:
ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIBRPB42CBF4VCXBFNGMdchT1a3nCYc4qOx17SOne8Bldb50itVg90
yourname@laptop
-- or like this --
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRPB42CBF4VCXBFNGMdchT1a3nCYc4qOx17SOne8Bldb50itVg90 yourname@laptop
Be sure to select it completely, from 'ssh-ed2...' to the end of the line ('...laptop' in the example), and copy it.
Paste the cryptic string into your ~/.ssh/authorized_keys file on RTC and save the file.
Type the following command in a terminal window on RTC, then copy and paste your key.
cat >> ~/.ssh/authorized_keys && chmod 0600 ~/.ssh/authorized_keys
Then press Ctrl-D
$ cat ~/.ssh/authorized_keys
Try to connect from your new system before dropping the connection on your current system, otherwise you might lock yourself out.
Of course the RTC administrator will help you get back in if you screw it up, but:
1) he has his own life too,
2) avoiding problems is better than solving them,
3) doing it right gives you good karma and...
4) it saves you from looking like a complete dolt ;-)
Unless you want to know more... Read on, then:
More of everything. Locations, files, older (RSA) algorithms...
$ ssh-keygen -t rsa -b 2048   ## just keep pressing Enter
The $HOME/.ssh folder will be created (if it is not present when the command is invoked).
$ gio tree $HOME/.ssh
file:///home/samhunter/.ssh
|-- authorized_keys
`-- known_hosts
$ ls -ld $HOME/.ssh
drwx------ 2 samhunter samhunter 4096 Jul 20 22:03 /home/samhunter/.ssh
$ ls -l $HOME/.ssh
total 8
-rw------- 1 samhunter samhunter 446 Jun 3 18:27 authorized_keys
-rw-r--r-- 1 samhunter samhunter 185 Jun 18 16:09 known_hosts
$ cat $HOME/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== me@mylocal.computer
^^^^^ we will mark everything from ssh-rsa... to ...computer for the next step
Log in using your password.
Then:
$ mkdir $HOME/.ssh
$ chmod 0700 $HOME/.ssh
## type the line, then paste the key selected in the previous step, then type Ctrl-D (^D)
$ cat >> $HOME/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU
GPl+nafzlHDTYW7hdI4yZ5ew18JH4JW9jbhUFrviQzM7xlELEVf4h9lFX5QVkbPppSwg0cda3
Pbv7kOdJ/MTyBlWXFCR+HAo3FXRitBqxiX1nKhXpHAZsMciLq8V6RjsNAQwdsdMFvSlVK/7XA
t3FaoJoAsncM1Q9x5+3V0Ww68/eIFmb1zuUFljQJKprrX88XypNDvjYNby6vw/Pb0rwert/En
mZ+AW4OZPnTPI89ZPmVMLuayrD2cE86Z/il8b+gw3r3+1nKatmIkjn2so1d01QraTlMqVSsbx
NrRFi9wrf+M7Q== me@mylocal.computer
^D
$
$ chmod 0600 $HOME/.ssh/authorized_keys
ssh me@remotesystem
The fingerprint you accept with 'yes' will be stored in $HOME/.ssh/known_hosts
Make sure it is a file (not a folder!) and is world readable (-rw-r--r--/0644)
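An added example (not part of the original page): a Python check to run on the remote system after either of the authorized_keys procedures above (the ed25519 one or the RSA one), before you close your working session. It flags entries that were cut off or wrapped onto several lines during copy and paste, and permissions looser than the 0700/0600 set above. The function names are this example's own, and it assumes entries without an options field in front of the key type.

```python
import base64, binascii, os, stat

def check_key_line(line):
    """Return None if '<type> <base64> [comment]' is complete, else a reason."""
    fields = line.split()
    if len(fields) < 2:
        return "not of the form '<type> <base64> [comment]'"
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        return "second field is not valid base64 (key cut off or wrapped?)"
    # SSH wire format: a sequence of strings, each a 4-byte big-endian length
    # followed by that many bytes; the first string repeats the key type.
    parts, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):
            return "key blob is shorter than its length fields say (truncated?)"
        parts.append(blob[pos:pos + n])
        pos += n
    if not parts or parts[0] != declared.encode():
        return "key type inside the blob does not match the line's first field"
    if declared == "ssh-ed25519" and (len(parts) != 2 or len(parts[1]) != 32):
        return "an ed25519 public key must be exactly 32 bytes"
    return None

def audit(ssh_dir):
    """Return a list of problems found in ssh_dir and its authorized_keys."""
    auth = os.path.join(ssh_dir, "authorized_keys")
    problems = []
    for path, allowed in ((ssh_dir, 0o700), (auth, 0o600)):
        if stat.S_IMODE(os.stat(path).st_mode) & ~allowed:
            problems.append(f"{path}: more permissive than {allowed:04o}")
    with open(auth) as fh:
        for num, line in enumerate(fh, 1):
            if line.strip() and not line.lstrip().startswith("#"):
                reason = check_key_line(line)
                if reason:
                    problems.append(f"line {num}: {reason}")
    return problems

def sample_ed25519_line(comment="yourname@laptop"):
    """Constructed sample entry: bytes 0..31 stand in for key material."""
    raw = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (b"ssh-ed25519", bytes(range(32))))
    return f"ssh-ed25519 {base64.b64encode(raw).decode()} {comment}"
```

Calling audit(os.path.expanduser("~/.ssh")) returns an empty list when every entry is structurally complete and the permissions match; it does not tell you whether the key is the one you meant to install, so the test login from the new system is still needed.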
-- sam
Credits where credits are due:
@deerbard tested the instructions and provided valuable feedback. Thank you!
Risan's article motivated me to finally upgrade my keys from RSA