author | Jesus <heckyel@hyperbola.info> | 2025-05-18 16:06:28 -0500 |
---|---|---|
committer | Jesus <heckyel@hyperbola.info> | 2025-05-18 16:06:28 -0500 |
commit | 967947b6da723b310086a59112c8b164dcc85b6a (patch) | |
tree | 7b9d08c02620e688d45ba040df0bf9b8a9d66b2c | |
parent | 3f93f5c5e4e9c72c85d0649986f4ceff670105de (diff) | |
-rw-r--r-- | gpg/README.md | 40 | ||||
-rw-r--r-- | ssh/README.md | 25 |
2 files changed, 35 insertions, 30 deletions
diff --git a/gpg/README.md b/gpg/README.md index 4a15a17..b49054a 100644 --- a/gpg/README.md +++ b/gpg/README.md @@ -3,7 +3,7 @@ ### Generate ```console -$ gpg --full-gen-key +gpg --full-gen-key ``` ### Basic usage @@ -11,86 +11,86 @@ $ gpg --full-gen-key Signature sig mode: ```console -$ gpg --detach-sign file.ext +gpg --detach-sign file.ext ``` Signature asc mode: ```console -$ gpg --armor --sign file.ext +gpg --armor --sign file.ext ``` Verify: ```console -$ gpg --verify file.sig +gpg --verify file.sig ``` ### My user-id ```console -$ gpg -K +gpg -K ``` ### All users-ids ```console -$ gpg -k +gpg -k ``` ### Copy Public Key ```console -gpg --export --armor $(gpg -K --with-colons --keyid-format SHORT | awk -F: '/^pub:/ { print $5 }') | xclip -sel clip +gpg --export --armor $(gpg -K --with-colons | awk -F: '/^sec/ { getline; print $10; exit }') ``` ### Copy Private key (Caution) ```console -$ gpg --export-secret-keys -a <user-id> | xclip -sel clip +gpg --export-secret-keys -a <user-id> | xclip -sel clip ``` ### Change password gpg ```console -$ gpg --edit-key <user-id> +gpg --edit-key <user-id> passwd ``` ### Debug gpg ```console -$ dirmngr --debug-level guru +dirmngr --debug-level guru ``` ### Import key: ```console -$ gpg --recv-keys $esefingerprint +gpg --recv-keys $esefingerprint ``` ### Import key from server: ```console -$ gpg --recv-keys <user-id> --keyserver pgp.mit.edu +gpg --recv-keys <user-id> --keyserver pgp.mit.edu ``` ### Export key 0: ```console -$ gpg --export --armor <user-id> > public.key +gpg --export --armor <user-id> > public.key ``` ### Export key 1: ```console -$ gpg --armor --output public.key --export <user-id> +gpg --armor --output public.key --export <user-id> ``` ### Export key to server ```console -$ gpg --keyserver pgp.mit.edu --send-keys <user-id> +gpg --keyserver pgp.mit.edu --send-keys <user-id> ``` ## Cifrado 
@@ -98,32 +98,32 @@ $ gpg --keyserver pgp.mit.edu --send-keys <user-id> #### Cifrar ```console -$ gpg --symmetric <miarchivo> +gpg --symmetric <miarchivo> ``` #### Descifrado ```console -$ gpg --output <archivo.ext> --decrypt <archivo.gpg> +gpg --output <archivo.ext> --decrypt <archivo.gpg> ``` ### Cifrado Asimétrico #### Encryt ```console -$ gpg --recipient <user-id> --encrypt archivo.ext +gpg --recipient <user-id> --encrypt archivo.ext ``` #### Decrypt ```console -$ gpg --output archivo.ext --decrypt archivo.ext.gpg +gpg --output archivo.ext --decrypt archivo.ext.gpg ``` ## Refresh keys ```console -$ gpg --refresh-keys +gpg --refresh-keys ``` ### wiki diff --git a/ssh/README.md b/ssh/README.md index 271ab98..0b32181 100644 --- a/ssh/README.md +++ b/ssh/README.md @@ -3,13 +3,18 @@ ### Generate SSH key pair ```console -$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com" +ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "lupin@example.com" +``` + +#### Hardware Key +```console +ssh-keygen -o -a 100 -t ed25519-sk -f ~/.ssh/id_ed25519 -C "lupin@example.com" ``` #### Change private key permissions ```console -$ chmod 600 ~/.ssh/id_ed25519 +chmod 600 ~/.ssh/id_ed25519 ``` ### Client usage @@ -17,7 +22,7 @@ $ chmod 600 ~/.ssh/id_ed25519 To connect to a server, run: ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` `port` for default is `22` @@ -25,11 +30,11 @@ $ ssh -p port user@server-address #### Copy SSH key ```console -$ doas pacman -S xclip +doas pacman -S xclip ``` ```console -$ xclip -sel clip < ~/.ssh/id_ed25519.pub +xclip -sel clip < ~/.ssh/id_ed25519.pub ``` #### Configuration @@ -37,7 +42,7 @@ $ xclip -sel clip < ~/.ssh/id_ed25519.pub The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example: ```console -$ nano -w ~/.ssh/config +nano -w ~/.ssh/config ``` ```bash 
@@ -53,11 +58,11 @@ Host myserver With such a configuration, the following commands are equivalent ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` ```console -$ ssh myserver +ssh myserver ``` ### Server usage @@ -87,7 +92,7 @@ Banner /etc/issue ### Copy public key to server ```console -$ ssh-copy-id -i ~/.ssh/mykey.pub user@host +ssh-copy-id -i ~/.ssh/mykey.pub user@host ``` #### Securing the authorized_keys file @@ -97,5 +102,5 @@ For additional protection, you can prevent users from adding new public keys and In the server, make the authorized_keys file read-only for the user and deny all other permissions: ```console -$ chmod 400 ~/.ssh/authorized_keys +chmod 400 ~/.ssh/authorized_keys ``` |
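Review bot: in gpg/README.md, starting at the @@ -3,7 +3,7 @@ hunk and continuing through ssh/README.md, the `$` prompt is dropped from every command but the fences keep the `console` tag. That tag is normally rendered as a shell session, where a line without a prompt is treated as program output, so the commands may lose their highlighting. Since the lines are now plain commands meant to be pasted, retag the fences as `bash` (the tag ssh/README.md already uses for the `~/.ssh/config` block) or `sh`.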
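Review bot: under "Copy Public Key" in the @@ -11,86 +11,86 @@ hunk of gpg/README.md, the new command no longer ends in `| xclip -sel clip`, so it prints the armored key to the terminal instead of copying it, while the heading still says "Copy" and the "Copy Private key" entry right below still pipes to xclip. Either restore the pipe or rename the heading. The awk program also relies on the `fpr` record being the line immediately after `sec` and stops at the first secret key; matching the record directly, as in `/^fpr:/ { print $10; exit }`, would make the first assumption explicit, and a short sentence in the README should say that only the first key is exported.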
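Review bot: in the new "Hardware Key" block of the ssh/README.md @@ -3,13 +3,18 @@ hunk, the `ed25519-sk` command writes to the same `-f ~/.ssh/id_ed25519` path as the software key generated in the command just above it, so a reader who runs both in order is asked to overwrite the first key pair. Give the hardware-backed key its own file name, for example `-f ~/.ssh/id_ed25519_sk`, and add a line saying that the "Change private key permissions" step below applies to that file as well.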
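Review bot: in the @@ -87,7 +92,7 @@ hunk of ssh/README.md, the touched `ssh-copy-id -i ~/.ssh/mykey.pub user@host` line still refers to `mykey.pub`, while every other command in the file uses the key generated at the top, `~/.ssh/id_ed25519` and `~/.ssh/id_ed25519.pub`. Since the line is being edited anyway, change it to `~/.ssh/id_ed25519.pub` so that the commands can be followed from top to bottom without renaming anything.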