2022-06-11 Meeting

Open Discussion:

We had a lively conversation about digital projectors and how the ambient light favored Carl but not Gib or Dennis. Then we chatted about internet service and various media sources, and had some suggestions for methods to avoid using cable service. After the presentation we talked about how infrared light can speed up recovery from injuries. And of course we talked about other topics, including the movies and TV shows that we have enjoyed.

The Presentation:

The topic was ssh keys, and Carl gave a live demo of how to create, test, and troubleshoot ssh keys.  Here is the tl;dr version of the commands he displayed.


To view the client-side files

ls -l ~/.ssh


To create or overwrite the id_rsa key

ssh-keygen -t rsa


To copy a public key to a remote host

ssh-copy-id hostname


To test if an ssh connection currently works

ssh hostname true && echo yes || echo no


To create a separate rsa key with a password (enter a passphrase when prompted)

ssh-keygen -t rsa -f ~/.ssh/id_rsa_passwd


To copy a specific public key to a remote host

ssh-copy-id -i ~/.ssh/id_rsa_passwd hostname


To specify a particular key to use

ssh -i ~/.ssh/id_rsa_passwd hostname


To see what keys are available for a connection

ssh -v hostname true 2>&1 | grep 'key:.*:'


To create the recommended replacement for id_rsa

ssh-keygen -t ed25519 -a 32 -f ~/.ssh/id_ed25519


To support older devices using unsafe protocols

cat >> ~/.ssh/config <<EoT
# hosts requiring deprecated settings
Host mynas myswitch mylegacyserver
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1
EoT


And this is a sample ~/.ssh/config file that can be used as a guide.

### settings to override the defaults

# hosts not running x
Host headless etc
ForwardX11 no
ForwardX11Trusted no

# hosts for user carl
Host mynas
User carl

# specific settings for custom environment
# (kept above "Host *": ssh uses the first value it finds for each option,
# so "User admin" must come before the default "User root")
Host myclient-*
User admin
IdentityFile ~/.ssh/id_myclient
Port 32222

### default settings for all hosts
Host *
User root
IdentityFile ~/.ssh/id_ed25519
IdentityFile ~/.ssh/id_rsa
ServerAliveInterval 60
ForwardX11 yes
ForwardX11Trusted yes
GSSAPIAuthentication no

# hosts requiring deprecated settings
Host mynas etc
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

# hosts multiplexing connections
Host none_currently
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
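
An added example (not part of Carl's demo): a shell function that lists which blocks of an ssh config re-enable the deprecated algorithms used above, and whether each block is scoped to named hosts or applies to every host. The function name audit_ssh_config, the WEAK list and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ssh_config blocks that re-enable deprecated algorithms.
# WEAK holds the two algorithm names used in these notes (extend as needed).
WEAK="ssh-rsa diffie-hellman-group1-sha1"

# Prints: scope <TAB> block <TAB> keyword <TAB> algorithm
audit_ssh_config() {
    awk -v weak="$WEAK" '
        BEGIN { n = split(weak, w, " "); block = "(top of file)"; scope = "global" }
        # ssh_config allows leading whitespace and "Keyword=value"
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }
        { key = tolower($1) }
        # a new Host/Match block: "global" if it applies to every host
        key == "host" || key == "match" {
            block = $0; scope = "scoped"
            for (i = 2; i <= NF; i++)
                if ($i == "*" || (key == "match" && tolower($i) == "all")) scope = "global"
            next
        }
        key ~ /^(hostkeyalgorithms|pubkeyacceptedkeytypes|pubkeyacceptedalgorithms|kexalgorithms)$/ {
            list = $2
            if (list ~ /^-/) next      # "-name" removes an algorithm: not a finding
            sub(/^[+^]/, "", list)     # "+" appends, "^" prepends to the defaults
            m = split(list, alg, ",")
            for (i = 1; i <= m; i++)
                for (j = 1; j <= n; j++)
                    if (alg[i] == w[j])
                        printf "%s\t%s\t%s\t%s\n", scope, block, $1, alg[i]
        }
    ' "$1"
}

# Constructed sample config, modelled on the one in these notes.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EoT'
Host mynas myswitch
HostKeyAlgorithms +ssh-rsa
KexAlgorithms +diffie-hellman-group1-sha1

Host *
User root
PubkeyAcceptedKeyTypes +ssh-rsa,ssh-ed25519
KexAlgorithms -diffie-hellman-group1-sha1
EoT
audit_ssh_config "$sample"
```

Lines marked "scoped" match the per-host pattern these notes recommend; a "global" line means the deprecated algorithm is offered to every host and is worth moving into a named Host block.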