Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Add article on OpenSSH public key auth

In addition to adding the article itself, make changes to the default
layout and stylesheets for better appearance of article pages.
  • Loading branch information...
commit 4ff2ec4ee3000f354eed18d3acfa48d8a775a0bd 1 parent a39fd29
@query query authored
2  Rules
@@ -40,4 +40,4 @@ route '*' do
-layout '*', :haml
+layout '*', :haml, :ugly => true
89 content/help/openssh-keygen.markdown
@@ -0,0 +1,89 @@
+title: Key-based authentication with OpenSSH
+In the interests of security, the Computer Science Club Dominion Server only
+accepts key-based authentication for logging into its SSH server. This renders
+brute-force password attacks ineffective, and reduces the potential for remote
+access vulnerabilities. Here’s a quick guide for OpenSSH users on how to
+create your own key pair and use it to log in to the CSCDS.
+<section markdown="1">
+Creating your keys
+To generate a key pair, first run `ssh-keygen` at a shell prompt on your local
+machine. You’ll be prompted for a filename to use for the key pair (you can
+enter nothing to accept the default of `~/.ssh/id_rsa`), then a passphrase:
+ me@localhost:~$ ssh-keygen
+ Generating public/private rsa key pair.
+ Enter file in which to save the key (/home/me/.ssh/id_rsa):
+ Enter passphrase (empty for no passphrase): Enter same passphrase again:
+This passphrase is used to encrypt the private key on your local computer, so
+it’s recommended that you pick a strong one so that your account is not open to
+immediate compromise should the key files be lost. After entering a filename
+and passphrase, you’ll get something like the following output:
+ Your identification has been saved in /home/me/.ssh/id_rsa.
+ Your public key has been saved in /home/me/.ssh/
+ The key fingerprint is:
+ 12:34:56:78:9a:bc:de:f0:12:34:56:78:9a:bc:de me@localhost
+ The key's randomart image is:
+ +--[ RSA 2048]----+
+ | ..o. |
+ | .o..o |
+ |o..oo . |
+ |+o.. o |
+ |E . . o S |
+ |=o + . . |
+ |+.o . |
+ | ..o |
+ | .. . |
+ +-----------------+
+You’ll notice that two files have been created: a private key file with the
+filename that you specified (here, `id_rsa`) and a corresponding public key
+file (``). The private key is, as the name implies, only for
+you&nbsp;— you’ll use the (decrypted) contents of this file, which the SSH
+server checks against the public key on the server side, to log in.
+Which means, of course, that you’ll need to get the public key on the server
+first. This is where you send an e-mail to the administrators with your SSH
+username and the contents of `` (_not_ `id_rsa`, which is for your
+eyes only and useless to the administrators anyway).
+<section markdown="1">
+Logging in for the first time
+Once you’ve received word that your private key can be used to log in, you can
+use the following command to specify your key file and log in to the CSCDS:
+ ssh -i /home/me/.ssh/id_rsa
+Of course, replace `me` with your username and the path after `-i` with the
+actual path to the private key file if you specified a different one. You
+should be prompted for your passphrase, and if all goes well, you’ll get the
+CSCDS welcome banner and a shell prompt. Yay!
+<section markdown="1">
+Editing your SSH configuration file
+Now, entering that entire command line every single time you want to log in
+will get old _really_ quickly. Fortunately, you can edit your `~/.ssh/config`
+file and specify that you want to always send a certain key file and username
+when you log in to the CSCDS. Simply add the following lines to `config`,
+creating it if it doesn’t exist:
+ Host
+ IdentityFile /home/me/.ssh/id_rsa
+ User me
+Now you can log in by simply entering `ssh`, and OpenSSH will
+automatically pick up on your key file and username.
1  content/index.markdown
@@ -15,6 +15,7 @@ Informal leadership committee for 2011–12:
Other things you may find useful:
+* [Key-based authentication with OpenSSH](help/openssh-keygen/)
* [Slides for Chris Davis’ CrackChats](crackchat/)
* CS Club SBP forum results:
13 content/stylesheet.scss
@@ -7,6 +7,7 @@ html, body {
#wrapper {
+ position: relative;
width: 566px;
font: 83%/1.25 'Helvetica Neue', 'Arial', sans-serif;
margin: 2em auto 0;
@@ -14,6 +15,14 @@ html, body {
background: url(cowlogo.png) no-repeat;
-header {
- display: none;
+header, header h1, header a {
+ display: block;
+ position: absolute;
+ left: 0;
+ top: 0;
+ width: 676px;
+ height: 65px;
+ text-indent: -999px;
+ margin: 0;
+ padding: 0;
12 layouts/default.haml
@@ -11,6 +11,14 @@
- %h1 UNC Computer Science Club
+ %h1
+ - if @item.identifier == '/'
+ UNC Computer Science Club
+ - else
+ %a{:href => '/'} UNC Computer Science Club
- = yield
+ %article
+ - if @item[:title]
+ %h1= @item[:title]
+ = yield

0 comments on commit 4ff2ec4

Please sign in to comment.
Something went wrong with that request. Please try again.