2022-06-11 Meeting

Open Discussion:

We had a lively conversation about digital projectors and how the ambient light favored Carl but not Gib or Dennis. Then we chatted about internet service and various media sources, and had some suggestions for methods to avoid using cable service. After the presentation we talked about how infrared light can speed up recovery from injuries. And of course we talked about other topics, including the movies and TV shows that we have enjoyed.

The Presentation:

The topic was ssh keys, and Carl gave a live demo of how to create, test, and troubleshoot ssh keys.  Here is the tl;dr version of the commands he displayed.

 

To view the client-side files

ls -l ~/.ssh

 

To create or overwrite the id_rsa key

ssh-keygen -t rsa

 

To copy a public key to a remote host

ssh-copy-id hostname

 

To test if an ssh connection currently works

ssh hostname true && echo yes || echo no

 

To create a separate rsa key protected by a passphrase

ssh-keygen -t rsa -f ~/.ssh/id_rsa_passwd

 

To copy a specific public key to a remote host

ssh-copy-id -i ~/.ssh/id_rsa_passwd hostname

 

To specify a particular key to use

ssh -i ~/.ssh/id_rsa_passwd hostname

 

To see what keys are available for a connection

ssh -v hostname true 2>&1 | grep 'key:.*:'

 

To create the recommended replacement for id_rsa

ssh-keygen -t ed25519 -a 32 -f ~/.ssh/id_ed25519

 

To support older devices using unsafe protocols

cat >> ~/.ssh/config <<EoT
# hosts requiring deprecated settings
Host mynas myswitch mylegacyserver
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
EoT

 

And this is a sample ~/.ssh/config file that can be used as a guide.

### settings to override the defaults

# hosts not running x
Host headless etc
ForwardX11 no
ForwardX11Trusted no

# hosts for user carl
Host mynas
User carl

# specific settings for custom environment
# (kept above "Host *": ssh uses the first value it obtains for each option,
# so User admin must be seen before the default User root)
Host myclient-*
User admin
IdentityFile ~/.ssh/id_myclient
Port 32222

### default settings for all hosts
Host *
User root
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
ServerAliveInterval 60
ForwardX11 yes
ForwardX11Trusted yes
GSSAPIAuthentication no

# hosts requiring deprecated settings
Host mynas etc
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

# hosts multiplexing connections
Host none_currently
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
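
Block order matters in a file like the sample above, because ssh uses the first value it obtains for each option. The script below is an added example, not part of Carl's demo: a simplified model of that lookup, run against a small constructed config in both orders. The function names and the host myclient-web are made up for the illustration.

```shell
# Simplified model of ssh_config lookup: the first value obtained from a matching
# Host block wins. Handles * and ? patterns only (no Match, Include, negation).

# effective_value CONFIG HOST OPTION -> prints the value that would be used
effective_value() (
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    active=1                      # lines before the first Host apply to all
    set -f                        # keep patterns from expanding to filenames
    while read -r key rest || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$lkey" = host ]; then
            active=0
            for pat in $rest; do
                case $2 in $pat) active=1 ;; esac
            done
        elif [ "$active" = 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            exit 0
        fi
    done < "$1"
    exit 1                        # option not set for this host
)

# Constructed sample: the same two blocks, written in either order.
sample_config() {   # $1 = defaults-first | defaults-last
    specific='Host myclient-*
User admin
Port 32222'
    defaults='Host *
User root'
    if [ "$1" = defaults-first ]; then
        printf '%s\n\n%s\n' "$defaults" "$specific"
    else
        printf '%s\n\n%s\n' "$specific" "$defaults"
    fi
}

demo() {
    tmp=$(mktemp)
    for order in defaults-first defaults-last; do
        sample_config "$order" > "$tmp"
        printf '%s: User=%s Port=%s\n' "$order" \
            "$(effective_value "$tmp" myclient-web User)" \
            "$(effective_value "$tmp" myclient-web Port)"
    done
    rm -f "$tmp"
}
demo
```

To see what a real client resolves for a host, ssh -G hostname prints the effective configuration without connecting.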