author | Jesus <heckyel@hyperbola.info> | 2025-05-18 16:06:28 -0500 |
---|---|---|
committer | Jesus <heckyel@hyperbola.info> | 2025-05-18 16:06:28 -0500 |
commit | 967947b6da723b310086a59112c8b164dcc85b6a (patch) | |
tree | 7b9d08c02620e688d45ba040df0bf9b8a9d66b2c /ssh/README.md | |
parent | 3f93f5c5e4e9c72c85d0649986f4ceff670105de (diff) | |
Diffstat (limited to 'ssh/README.md')
-rw-r--r-- | ssh/README.md | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/ssh/README.md b/ssh/README.md index 271ab98..0b32181 100644 --- a/ssh/README.md +++ b/ssh/README.md @@ -3,13 +3,18 @@ ### Generate SSH key pair ```console -$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com" +ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "lupin@example.com" +``` + +#### Hardware Key +```console +ssh-keygen -o -a 100 -t ed25519-sk -f ~/.ssh/id_ed25519 -C "lupin@example.com" ``` #### Change private key permissions ```console -$ chmod 600 ~/.ssh/id_ed25519 +chmod 600 ~/.ssh/id_ed25519 ``` ### Client usage @@ -17,7 +22,7 @@ $ chmod 600 ~/.ssh/id_ed25519 To connect to a server, run: ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` `port` for default is `22` @@ -25,11 +30,11 @@ $ ssh -p port user@server-address #### Copy SSH key ```console -$ doas pacman -S xclip +doas pacman -S xclip ``` ```console -$ xclip -sel clip < ~/.ssh/id_ed25519.pub +xclip -sel clip < ~/.ssh/id_ed25519.pub ``` #### Configuration @@ -37,7 +42,7 @@ $ xclip -sel clip < ~/.ssh/id_ed25519.pub The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example: ```console -$ nano -w ~/.ssh/config +nano -w ~/.ssh/config ``` ```bash @@ -53,11 +58,11 @@ Host myserver With such a configuration, the following commands are equivalent ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` ```console -$ ssh myserver +ssh myserver ``` ### Server usage @@ -87,7 +92,7 @@ Banner /etc/issue ### Copy public key to server ```console -$ ssh-copy-id -i ~/.ssh/mykey.pub user@host +ssh-copy-id -i ~/.ssh/mykey.pub user@host ``` #### Securing the authorized_keys file 
@@ -97,5 +102,5 @@ For additional protection, you can prevent users from adding new public keys and In the server, make the authorized_keys file read-only for the user and deny all other permissions: ```console -$ chmod 400 ~/.ssh/authorized_keys +chmod 400 ~/.ssh/authorized_keys ``` |
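Review bot: In the first hunk (`@@ -3,13 +3,18 @@`), the new Hardware Key command writes to the same path as the software key command directly above it (`-f ~/.ssh/id_ed25519`), so a reader who runs both is prompted to overwrite the first key, and the later `chmod 600 ~/.ssh/id_ed25519` and `xclip -sel clip < ~/.ssh/id_ed25519.pub` steps no longer say which key they mean. Suggest a distinct file name such as `-f ~/.ssh/id_ed25519_sk`, which is the default ssh-keygen uses for this key type, and one sentence under the new heading stating that `ed25519-sk` requires OpenSSH 8.2 or later and a FIDO authenticator that is present both when the key is generated and each time it is used.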
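Review bot: In the `@@ -87,7 +92,7 @@` hunk, `ssh-copy-id -i ~/.ssh/mykey.pub user@host` names a key file that no earlier step in this README creates; the generation step writes `~/.ssh/id_ed25519`. Since the line is being touched anyway, suggest `ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host` so the example follows on from the key generated at the top of the file.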
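Review bot: In the last hunk (`@@ -97,5 +102,5 @@`), `chmod 400 ~/.ssh/authorized_keys` leaves the file owned by the user, who can restore write permission with another `chmod`, so by itself it guards against accidental edits and does not deliver the "prevent users from adding new public keys" claim in the surrounding text. Suggest either softening that sentence or adding a step the file owner cannot undo, for example keeping the keys in a root-owned location selected with `AuthorizedKeysFile` in `sshd_config`.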