diff --git a/docs/howto_ssh.md b/docs/howto_ssh.md new file mode 100644 index 0000000..7ff520b --- /dev/null +++ b/docs/howto_ssh.md 
@@ -0,0 +1,118 @@ + +## Create a new ssh key pair + +In this example, we will create an `ed25519` and `rsa4096` ssh keys. The first one is more recent and faster while the second is slow as +fuck, but compatible everywhere. Then will see how to enable them. + + > Note: For practical reasons, it's not recommanded to have more than 3 SSH key pairs per ID, as SSH client does not try more than 3 keys + before trying other authentications methods. Also you can use the same password for your ssh keys (belonging to the same ID!) if you want to + be able to unlock all your SSH keys at once. + + +### Create key pairs + +First enable your id: +``` +[joey@joeylaptop .ssh]$ i joey +NOTICE: Enabling id ... +NOTICE: Enabling ssh ... +NOTICE: Enabling ps1 ... +NOTICE: Identity 'joey' is loaded +``` + +Then create your new `ed25519` SSH key: +``` +(joey) [joey@joeylaptop .ssh]$ i ssh new +INFO: Key destination dir: /home/joey/.ssh/joey +> Username [joey]: +> Hostname [joeylaptop.myhome.net]: +Please choose key types: +n) ed25519 strongest, fast +s) rsa4096 most compatible, slow +o) rsa2048 old compatility +> Key types [ns]: n + +Define key passphrase for the key(s). +Leave it empty for no password (not recommemded). +> Key passphrase [none]: +> Confirm passphrase: + +> Generating key ... +Generating public/private ed25519 key pair. +Your identification has been saved in /home/joey/.ssh/joey/joey_ed25519_20201104 +Your public key has been saved in /home/joey/.ssh/joey/joey_ed25519_20201104.pub +The key fingerprint is: +SHA256:tMLyxatG1TtK+qaPV14wArZUqU/cGojvUycKVp/JDIw joey@joeylaptop.myhome.net:ed25519_20201104 +The key's randomart image is: ++--[ED25519 256]--+ +| ... | +| + . | +| * *.o | +| E.Bo*.= | +| .ooOS* + | +| oooo%.= . | +| . +.=.* o | +| *o+ . 
| +| .+Bo | ++----[SHA256]-----+ + +INFO: Key(s) has been created in /home/joey/.ssh/joey +``` + +Let's create another key `rsa4096`, with the same password as the previous one: +``` +(joey) [joey@joeylaptop .ssh]$ i ssh new +INFO: Key destination dir: /home/joey/.ssh/joey +> Username [joey]: +> Hostname [joeylaptop.myhome.net]: +Please choose key types: +n) ed25519 strongest, fast +s) rsa4096 most compatible, slow +o) rsa2048 old compatility +> Key types [ns]: s + +Define key passphrase for the key(s). +Leave it empty for no password (not recommemded). +> Key passphrase [none]: +> Confirm passphrase: + +> Generating key ... +Generating public/private rsa key pair. +Your identification has been saved in /home/joey/.ssh/joey/joey_rsa4096_20201104 +Your public key has been saved in /home/joey/.ssh/joey/joey_rsa4096_20201104.pub +The key fingerprint is: +SHA256:mxcxTOj57nXB5y6h5mQV9d+pFSxIoxJgvTtzn+6PJdw joey@joeylaptop.myhome.net:rsa4096_20201104 +The key's randomart image is: ++---[RSA 4096]----+ +| oo. ..o .| +| . .ooo o ...| +| o.o+. ..o.| +| .+ o ...=| +| S.. +o+| +| + +o...++ | +| *.oo=E...| +| ..**... | +| .+*o. ..| ++----[SHA256]-----+ + +INFO: Key(s) has been created in /home/joey/.ssh/joey +``` + +### Enable keypairs + +Then you can enable with one password your ssh keys: +``` +(joey) [joey@joeylaptop .ssh]$ i ssh add +INFO__: Adding keys: + ~/.ssh/joey/joey_ed25519_20201104 + ~/.ssh/joey/joey_rsa4096_20201104 + +Enter passphrase for /home/joey/.ssh/joey/joey_ed25519_20201104: +Identity added: /home/joey/.ssh/joey/joey_ed25519_20201104 (joey@joeylaptop.myhome.net:ed25519_20201104) +Identity added: /home/joey/.ssh/joey/joey_rsa4096_20201104 (joey@joeylaptop.myhome.net:rsa4096_20201104) +(joey) [joey@joeylaptop .ssh]$ i ssh + 256 SHA256:tMLyxatG1TtK+qaPV14wArZUqU/cGojvUycKVp/JDIw joey@joeylaptop.myhome.net:ed25519_20201104 (ED25519) + 4096 SHA256:mxcxTOj57nXB5y6h5mQV9d+pFSxIoxJgvTtzn+6PJdw joey@joeylaptop.myhome.net:rsa4096_20201104 (RSA) + +``` +
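Review bot: The Note under "Create a new ssh key pair" recommends reusing one password across all keys of an ID without stating the cost, and the "Enable keypairs" step ("enable with one password your ssh keys") builds on it. Anyone who learns that one passphrase can unlock every key of the ID, so the note should say so and leave the choice to the reader. It should also say "passphrase", as the tool prompt does ("Key passphrase [none]"). The same note states that the SSH client "does not try more than 3 keys" with no reference. Please name the setting this figure comes from, or reword it, since the number of authentication attempts allowed is normally limited by the server configuration. Smaller points in the added prose: "recommanded" should be "recommended", "Then will see" is missing "we", "an `ed25519` and `rsa4096` ssh keys" should read "an `ed25519` and an `rsa4096` SSH key", and "slow as fuck" would be better as a neutral "much slower". The pasted tool output contains "recommemded", "compatility" and "INFO__:". If these were copied verbatim from the tool, they need fixing in the tool's own messages, with the transcripts refreshed afterwards.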