Diffstat (limited to 'ssh/README.md')
-rw-r--r-- | ssh/README.md | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/ssh/README.md b/ssh/README.md index 271ab98..0b32181 100644 --- a/ssh/README.md +++ b/ssh/README.md @@ -3,13 +3,18 @@ ### Generate SSH key pair ```console -$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com" +ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "lupin@example.com" +``` + +#### Hardware Key +```console +ssh-keygen -o -a 100 -t ed25519-sk -f ~/.ssh/id_ed25519 -C "lupin@example.com" ``` #### Change private key permissions ```console -$ chmod 600 ~/.ssh/id_ed25519 +chmod 600 ~/.ssh/id_ed25519 ``` ### Client usage @@ -17,7 +22,7 @@ $ chmod 600 ~/.ssh/id_ed25519 To connect to a server, run: ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` `port` for default is `22` @@ -25,11 +30,11 @@ $ ssh -p port user@server-address #### Copy SSH key ```console -$ doas pacman -S xclip +doas pacman -S xclip ``` ```console -$ xclip -sel clip < ~/.ssh/id_ed25519.pub +xclip -sel clip < ~/.ssh/id_ed25519.pub ``` #### Configuration @@ -37,7 +42,7 @@ $ xclip -sel clip < ~/.ssh/id_ed25519.pub The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example: ```console -$ nano -w ~/.ssh/config +nano -w ~/.ssh/config ``` ```bash @@ -53,11 +58,11 @@ Host myserver With such a configuration, the following commands are equivalent ```console -$ ssh -p port user@server-address +ssh -p port user@server-address ``` ```console -$ ssh myserver +ssh myserver ``` ### Server usage @@ -87,7 +92,7 @@ Banner /etc/issue ### Copy public key to server ```console -$ ssh-copy-id -i ~/.ssh/mykey.pub user@host +ssh-copy-id -i ~/.ssh/mykey.pub user@host ``` #### Securing the authorized_keys file 
@@ -97,5 +102,5 @@ For additional protection, you can prevent users from adding new public keys and In the server, make the authorized_keys file read-only for the user and deny all other permissions: ```console -$ chmod 400 ~/.ssh/authorized_keys +chmod 400 ~/.ssh/authorized_keys ``` |
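Review bot: In the first hunk (@@ -3,13 +3,18 @@), the new Hardware Key command writes to the same path as the software key directly above it, `-f ~/.ssh/id_ed25519`, so a reader who runs both sections in order is prompted to overwrite the key they just generated. Give the hardware-backed key its own file, for example `-f ~/.ssh/id_ed25519_sk`, and add a sentence stating that `ed25519-sk` needs a FIDO2 authenticator attached and OpenSSH 8.2 or later on both client and server.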
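Review bot: The `ssh-copy-id` line in the @@ -87,7 +92,7 @@ hunk still points at `~/.ssh/mykey.pub`, while the key generation, chmod and xclip commands elsewhere in this patch all use `~/.ssh/id_ed25519`. Since the line is being touched anyway, change it to `-i ~/.ssh/id_ed25519.pub` so the key the README tells the reader to generate is the one that gets installed on the server.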
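Review bot: In the last hunk (@@ -97,5 +102,5 @@), `chmod 400 ~/.ssh/authorized_keys` is run by the file's owner, who can restore write permission with another chmod, so on its own it does not meet the stated goal of preventing users from adding new public keys. If the section does not already continue with one, follow it with a step the user cannot undo (for example root setting the immutable attribute on the file), or reword the sentence to say this only guards against accidental edits.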