diff --git a/modules/qualifying/assets/ssh_connection_01.jpg b/modules/qualifying/assets/ssh_connection_01.jpg new file mode 100644 index 0000000..c1d30f0 Binary files /dev/null and b/modules/qualifying/assets/ssh_connection_01.jpg differ diff --git a/modules/qualifying/assets/ssh_connection_02.jpg b/modules/qualifying/assets/ssh_connection_02.jpg new file mode 100644 index 0000000..da16840 Binary files /dev/null and b/modules/qualifying/assets/ssh_connection_02.jpg differ diff --git a/modules/qualifying/learning_ssh.md b/modules/qualifying/learning_ssh.md index 0dda4c5..e2465d2 100644 --- a/modules/qualifying/learning_ssh.md +++ b/modules/qualifying/learning_ssh.md 
@@ -13,13 +13,13 @@ You should never use the following the following programs anymore but it's good * rcp * telnet (still has some legitimate usage such as with munin) -The main advantage of SSH is it's encryption. +The main advantage of SSH is it's **encryption**. It works similarly to SSL which you use all the time to do most of your web browsing. When using encryption it becomes **very** hard to sniff the data traveling between the client and the server. There are two versions of SSH, version 1 and version 2, and you should only use version 2 as the former is not considered [secure]() anymore. The recommended encryption used by most SSH servers is [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). If you're interested in understanding the mathematics behind AES, [this](https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg) class is exceptionally good but not for the faint of heart. -It's not mandatory to fully understand the math behind encryption to use it though. +It's however not mandatory to fully understand the math behind encryption to use it though. The main takeaway would be the number of **bit's used** where **higher** is **better**. By default ssh uses a very secure cipher but you can specify which one you want with the `-c` flag to `ssh`. Do keep in mind that the server needs to support the cipher you're requesting. 
@@ -227,6 +227,31 @@ permitted by applicable law. student@helloworld:~$ ``` +So, how did I add my public key to the `student`'s account authorized keys? +There is a program called `ssh-copy-id` that can do it for you, but I personally always just copy and paste it to the users `~/.ssh/authorized_keys` file. +This is an example of a server I use with the public keys that are allowed to log in. +As you can see there are **four** key's that are allowed to log in. + +``` +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9FDWJ6Dr45xQsv/dwqxBVtXuHORtfKtw7tuIe0nq4wRAhdz9XGJ+3s1Czj2YvlMV6rjxjpShG39A6Tnj9oQmqcWdxhmrXAjBQNgVJP6Gpg1NaXSsysEDcKjOcKqqwCHxQ6mYZCl7/vtQotZsTQ+aQW65+D+L6vxNEO6m+XDI283dM1FGQhn7OAN/tZf+tLRT6A4QCF1YEtb2uOsNsU8B+ilBNreqekvJRJ2dYT2QHdNdS2aEMhnHWzsnh4f2bzbpugoiWPGKiHwazePisWUU2/DjQmDq6d3sJ4AeQCt8R4ZlptOleGLdTNCjhRMDvUAMcNsR9OyeFiSok7DFHQw3Z waldek@leanone +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGKt7Qn9SSSJ7apRbCAqOYltUP+oM5wOIRQ3TLHwiGPYYHt38XWUrUjklRKWH+hagMnHiPHxbloYTtm/OzS9OXOTQJH4n+5c0Jq3OHrMQDztsqWK//gsxBZd7wlA/j6O/7Pr/6jxL0w+bwt1k+VDZR/3Mms3mRfmvGMeg5Wmr2/5GrTZocrUrKH4zgINoAk+6698T9E4YUQp1SLCg634KHA5HqupB9H7aLMovJ1p4K+qOV/MtspzgDvIkZMTFRZ9JvDqYWovaYlr5/zHBnag6/tPgBl+kmEDx6q8mybdtsB9oeARM2O2KKUISzA0PawBFbCNcI3RUSd91trzlhhUQ8 pi@pizone +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRFprKfRnfxs5lxJXfB5166OHPHHUFr4x2bqxAUc/vtkfmopytf/rhRtgnUeffoZW+KmzhWXuUKw+AjXOfO2OtsyMkbQoJKb3gsZ+KknsWsLEWCx5f8V0sc7y5UHedAuaE9Ax+KqnbPnXJWNtRVxjJCcsWnZNSKERwSjNV/K4yWsFwcdwQirurLB1AZXF0wSNd9ch4/fNX8CjOTuEkOhsUgZ9NZbNAV0LgiVeqghY9JsNt40kYNYX2BQNWk9oEaKdn0YCP+em6CPrDA6MT/rkScr+DPOGpT6GBtXirj+Krw924KjF6eSH9dnWy/ysKlp0CvflQOaVN1zEVZjDGwiAz waldek@vps-42975ad1 +ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCnKJ8fwHAEe6NS7MTqlAtqzUzqA0ATibR1XP8nirZritVQv7uDNVH91SKM5GSP5gTOzCmW4NQVVv47KvmRQ6yp6BugCsKL96rPMA6m/b9cTA5YDwm90cfb5I6h+kRL2mp4O63ahgGDAb5XgVy3Tq2qyxLbbkKylhw6VQFsHQXObTevSvMrRzc8t29DwS/tfbhT3R6opa2j+5woXDLpKaHrBsw9LFoelkh8jgQ9fbDx2hXwzeccaT3qpycRjtwhraVtt/FTEpJ60R+ooB/Nx2ndlT4qs3P/G3HFrbvlLzjMGlAcjHNkXgQRy6850ACC8RtM6+s4K1RCNU0fPXSy3tkb waldek@helloworld +``` + +![ssh connection overview](./assets/ssh_connection_01.jpg) + +![ssh communication overview](./assets/ssh_connection_02.jpg) + +### Keys for gitea + +Now that you know how to **create** your own RSA keys I would like you to: + +* create one (and save it somewhere safe) +* use it to push/pull from your personal [gitea](https://gitea.86thumbs.net) + +I'll let you figure it out by yourself but if you're stuck have a look at [this](https://gitea.86thumbs.net/user/settings/keys) and [this](https://pandammonium.org/how-to-change-a-git-repository-from-https-to-ssh/). + ## Standard usage ## Tweaking the sshd configuration file
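Review bot: In the first hunk of learning_ssh.md (@@ -13,13 +13,13 @@), the added line "It's however not mandatory to fully understand the math behind encryption to use it though." makes the same concession twice; keep either "however" or "though", not both. The other changed line still reads "it's **encryption**", which should be the possessive "its **encryption**". Since this paragraph is being touched anyway, the unchanged context has three more problems worth fixing in the same commit: the `[secure]()` link has an empty target, "the following the following" is duplicated in the sentence before the list, and "bit's used" should be "bits used".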
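Review bot: In the second hunk (@@ -227,6 +227,31 @@), the fenced `authorized_keys` example is described as coming from "a server I use" and contains four complete public keys with their `user@host` comments (`waldek@leanone`, `pi@pizone`, `waldek@vps-42975ad1`, `waldek@helloworld`). Public keys are not secret, but committing them to course material discloses account names and hostnames and lets anyone match these keys against other servers or services where they are registered; I would replace them with a throwaway key generated for the lesson, or truncate the key bodies and use placeholder comments. The paragraph above the block also recommends pasting into `~/.ssh/authorized_keys` by hand without mentioning file modes: with sshd's default `StrictModes yes`, a `~/.ssh` directory or `authorized_keys` file that is writable by other users causes the key to be ignored, which is the first thing students will run into, and `ssh-copy-id` takes care of that for them. In the gitea exercise, "create one (and save it somewhere safe)" should state that only the `.pub` file is uploaded to gitea and that the private key stays on the student's machine. Two small wording fixes in the added text: "the users `~/.ssh/authorized_keys` file" should be "the user's", and "**four** key's" should be "**four** keys".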