From: Kelledin <kel...@sk...> - 2002-08-20 15:36:03
This is a first draft of user instructions for SSH/SFTP access.
Suggestions for change are welcome.

INSTRUCTIONS FOR SSH ACCESS:

First, an overview of some dry theory.

OpenSSH likes to work through "RSA key pairs"--a pair of
encrypted keys that are related to each other in a rather
unusual way. An RSA key pair consists of a public and a private
key. Data encrypted with one key can be decrypted with the
other key in the pair, but not with the original key. This
leads to some very interesting applications in information
security.

RSA keys, as applied to OpenSSH, work in the following manner:

A user keeps an RSA key pair in his own personal directory (on
UNIX systems, this is typically ~/.ssh). The private key is
called "id_rsa", and the public key is called "id_rsa.pub". The
keys are generated randomly by a program called "ssh-keygen"
that comes with the OpenSSH distribution; they may optionally be
salted with a password, preferably one known only to the owner
of the keys.

The id_rsa.pub file is for distribution to any SSH server where
you want shell access. The id_rsa file (the private key) is for
the OWNER'S EYES ONLY! The practical upshot of this arrangement
is that with proper SSH setup, a user in possession of a private
RSA key is allowed to connect to any SSH server in possession of
the corresponding public RSA key, and all communications between
server and client are kept reasonably secure via strong
encryption.

Now for the step-by-step guide to inceptionos.org shell access:

1) Download and install the latest stable version of OpenSSH. I
   will not cover this here, as I expect InceptionOS developers
   to be reasonably capable of installing software on their own.
   ;)

2) On your local system, choose which user account you want to
   use to log in to remote SSH servers. If this user does not
   already have an RSA key pair, you will have to generate one:

   As this user, run "ssh-keygen -t rsa". It will ask you
   for a password; you can leave this blank, but it is
   recommended that you use a password for added security.
   This will produce two files: ~/.ssh/id_rsa (your private
   key) and ~/.ssh/id_rsa.pub (your public key).

3) DO NOT GIVE YOUR ~/.ssh/id_rsa FILE TO ANYONE. DO NOT SHOW IT
   TO ANYONE. BE VERY CAREFUL OF WHO MIGHT HAVE ACCESS TO IT.
   IF YOU ENTERED A PASSWORD WHEN GENERATING YOUR RSA KEYS, DO
   NOT FORGET THIS PASSWORD, AND DO NOT GIVE THIS PASSWORD TO
   ANYONE.

4) Send an e-mail to Terry Churchill (te...@do...)
   requesting SSH access to inceptionos.org. Within this e-mail,
   note the UNIX-style username you wish to use on
   inceptionos.org, and attach your ~/.ssh/id_rsa.pub file (NOT
   your ~/.ssh/id_rsa file) to the e-mail. You will be notified
   when your request is granted or denied.

5) If your request is granted, you should be able to log in to
   the inceptionos.org server via "ssh
   <username>@inceptionos.org". Enter your RSA key password if
   it is requested.

6) You should now be successfully logged in to inceptionos.org.
   If login fails, run "ssh -v -v <username>@inceptionos.org" and
   capture the output; it will describe exactly what seemed to
   fail.

--
Kelledin
"If a server crashes in a server farm and no one pings it, does
it still cost four figures to fix?"
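
Steps 3 and 4 of the message above depend on mailing id_rsa.pub and never id_rsa. The following shell script is an added example, not part of the original e-mail: it checks that the private key is closed to group and other, and that the file about to be attached really is a public key. It also recognizes OpenSSH key types beyond RSA; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before e-mailing a key file (steps 3 and 4).

# key_kind FILE: print "private", "public" or "unknown" from the first line.
key_kind() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || { echo unknown; return 0; }
    case $first_line in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo private ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# private_key_locked FILE: succeed only if group and other have no access.
private_key_locked() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits of the mode string
    [ "$perms" = "------" ]
}

# preflight DIR: check DIR/id_rsa and DIR/id_rsa.pub; status 0 only if both pass.
preflight() {
    dir=$1; rc=0
    if ! private_key_locked "$dir/id_rsa"; then
        echo "FIX:  chmod 600 $dir/id_rsa (missing, or open to group/other)"; rc=1
    fi
    kind=$(key_kind "$dir/id_rsa.pub")
    if [ "$kind" != public ]; then
        echo "STOP: $dir/id_rsa.pub looks $kind, do not attach it"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK:   attach $dir/id_rsa.pub only"; fi
    return "$rc"
}

# Demo on constructed files (placeholder contents, not real keys).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' > "$demo/id_rsa"
printf '%s\n' 'ssh-rsa CONSTRUCTEDBASE64 user@example' > "$demo/id_rsa.pub"
chmod 644 "$demo/id_rsa"; preflight "$demo" || true   # reports FIX
chmod 600 "$demo/id_rsa"; preflight "$demo" || true   # reports OK
rm -rf "$demo"
```

To check a real key directory, call `preflight "$HOME/.ssh"` in place of the demo lines.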