Add article on OpenSSH public key auth

In addition to adding the article itself, make changes to the default
layout and stylesheets for better appearance of article pages.
1 parent a39fd29 commit 4ff2ec4ee3000f354eed18d3acfa48d8a775a0bd @query query committed Sep 25, 2011
Showing with 112 additions and 5 deletions.
  1. +1 −1 Rules
  2. +89 −0 content/help/openssh-keygen.markdown
  3. +1 −0 content/index.markdown
  4. +11 −2 content/stylesheet.scss
  5. +10 −2 layouts/default.haml
@@ -40,4 +40,4 @@ route '*' do
-layout '*', :haml
+layout '*', :haml, :ugly => true
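Review bot: The new `:ugly => true` option on the `layout '*', :haml` rule is not explained in the Rules file or in the commit message, which only mentions "better appearance of article pages". If the intent is to stop Haml from re-indenting the rendered article body (the article added in this commit contains indented terminal output that must keep its whitespace), a one-line comment above the rule saying so would keep someone from removing the option later as a leftover.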
@@ -0,0 +1,89 @@
+title: Key-based authentication with OpenSSH
+In the interests of security, the Computer Science Club Dominion Server only
+accepts key-based authentication for logging into its SSH server. This renders
+brute-force password attacks ineffective, and reduces the potential for remote
+access vulnerabilities. Here’s a quick guide for OpenSSH users on how to
+create your own key pair and use it to log in to the CSCDS.
+<section markdown="1">
+Creating your keys
+To generate a key pair, first run `ssh-keygen` at a shell prompt on your local
+machine. You’ll be prompted for a filename to use for the key pair (you can
+enter nothing to accept the default of `~/.ssh/id_rsa`), then a passphrase:
+ me@localhost:~$ ssh-keygen
+ Generating public/private rsa key pair.
+ Enter file in which to save the key (/home/me/.ssh/id_rsa):
+ Enter passphrase (empty for no passphrase): Enter same passphrase again:
+This passphrase is used to encrypt the private key on your local computer, so
+it’s recommended that you pick a strong one so that your account is not open to
+immediate compromise should the key files be lost. After entering a filename
+and passphrase, you’ll get something like the following output:
+ Your identification has been saved in /home/me/.ssh/id_rsa.
+ Your public key has been saved in /home/me/.ssh/
+ The key fingerprint is:
+ 12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de me@localhost
+ The key's randomart image is:
+ +--[ RSA 2048]----+
+ | ..o. |
+ | .o..o |
+ |o..oo . |
+ |+o.. o |
+ |E . . o S |
+ |=o + . . |
+ |+.o . |
+ | ..o |
+ | .. . |
+ +-----------------+
+You’ll notice that two files have been created: a private key file with the
+filename that you specified (here, `id_rsa`) and a corresponding public key
+file (``). The private key is, as the name implies, only for
+you&nbsp;— you’ll use the (decrypted) contents of this file, which the SSH
+server checks against the public key on the server side, to log in.
+Which means, of course, that you’ll need to get the public key on the server
+first. This is where you send an e-mail to the administrators with your SSH
+username and the contents of `` (_not_ `id_rsa`, which is for your
+eyes only and useless to the administrators anyway).
+<section markdown="1">
+Logging in for the first time
+Once you’ve received word that your private key can be used to log in, you can
+use the following command to specify your key file and log in to the CSCDS:
+ ssh -i /home/me/.ssh/id_rsa
+Of course, replace `me` with your username and the path after `-i` with the
+actual path to the private key file if you specified a different one. You
+should be prompted for your passphrase, and if all goes well, you’ll get the
+CSCDS welcome banner and a shell prompt. Yay!
+<section markdown="1">
+Editing your SSH configuration file
+Now, entering that entire command line every single time you want to log in
+will get old _really_ quickly. Fortunately, you can edit your `~/.ssh/config`
+file and specify that you want to always send a certain key file and username
+when you log in to the CSCDS. Simply add the following lines to `config`,
+creating it if it doesn’t exist:
+ Host
+ IdentityFile /home/me/.ssh/id_rsa
+ User me
+Now you can log in by simply entering `ssh`, and OpenSSH will
+automatically pick up on your key file and username.
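Review bot: The "Logging in for the first time" section goes straight from the `ssh -i` command to the passphrase prompt and never mentions the host key confirmation that OpenSSH shows on a first connection, so readers have nothing to compare the server's fingerprint against. Since the article's stated goal is security, consider publishing the CSCDS host key fingerprint in this section and telling users to check it before answering yes. Separately, in "Creating your keys" the sentence "you'll use the (decrypted) contents of this file, which the SSH server checks against the public key on the server side" reads as if the private key is sent to the server; the private key stays on the client and is only used to prove possession, and saying that explicitly would reinforce the later "for your eyes only" advice. The same section asks users to e-mail their public key, and it would help to tell the administrators' side of this too: confirm the key fingerprint with the sender before installing it.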
@@ -15,6 +15,7 @@ Informal leadership committee for 2011–12:
Other things you may find useful:
+* [Key-based authentication with OpenSSH](help/openssh-keygen/)
* [Slides for Chris Davis’ CrackChats](crackchat/)
* CS Club SBP forum results:
@@ -7,13 +7,22 @@ html, body {
#wrapper {
+ position: relative;
width: 566px;
font: 83%/1.25 'Helvetica Neue', 'Arial', sans-serif;
margin: 2em auto 0;
padding: 65px 0 0 110px;
background: url(cowlogo.png) no-repeat;
-header {
- display: none;
+header, header h1, header a {
+ display: block;
+ position: absolute;
+ left: 0;
+ top: 0;
+ width: 676px;
+ height: 65px;
+ text-indent: -999px;
+ margin: 0;
+ padding: 0;
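Review bot: The `header, header h1, header a` rule hides the heading text with `text-indent: -999px` but sets no `overflow: hidden`, so the text is only pushed 999px to the left of the header rather than clipped; because `#wrapper` is centered with `margin: 2em auto 0`, a wide enough viewport can bring it back into view. Adding `overflow: hidden` to the rule (or to `header` alone) makes the image replacement independent of window width. The `width: 676px` also silently repeats the wrapper's `566px` width plus `110px` left padding, so a short comment or SCSS variables would keep the two in step.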
@@ -11,6 +11,14 @@
- %h1 UNC Computer Science Club
+ %h1
+ - if @item.identifier == '/'
+ UNC Computer Science Club
+ - else
+ %a{:href => '/'} UNC Computer Science Club
- = yield
+ %article
+ - if @item[:title]
+ %h1= @item[:title]
+ = yield
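Review bot: `%h1= @item[:title]` writes the title into the page as-is unless Haml's `escape_html` option is enabled, and the `layout` rule in this commit only passes `:ugly => true`. The one title added here is plain text, but a later title containing `&` or `<` would produce broken markup; using `%h1&= @item[:title]` or enabling `escape_html` for the layout would make the template safe regardless of what authors put in the metadata. Also worth a quick check: with the site name now in an `%h1` inside the header and the article title in a second `%h1`, confirm that is the intended heading structure for article pages.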
