all repos — www @ bd9f9a7d8331731ab93cf143a826654a21bf1ec1

deserthorns.net content + generator 

ssh page, update git page
sageclove
Sun, 02 Feb 2025 17:52:32 -0700
commit

bd9f9a7d8331731ab93cf143a826654a21bf1ec1

parent

e8fd06b449accb5886da0e3e4aca7211ceb45109

5 files changed, 66 insertions(+), 5 deletions(-)

jump to
M readme.mdreadme.md 
@@ -29,6 +29,7 @@ Add a new name to `wiki.tab` at its proper place in the hierarchy and rerun `./build`. A new file will be created in the `/wiki/pages` source directory with the proper template tags.
 
 ### TODOs
 - Fast rebuild when serving locally using `-s` (press Enter to rebuild?)
-- Sitemap/index of all pages
-- Use YAML for `wiki.tab`?
+- [wiki] Sitemap/index of all pages
+- [wiki] Use YAML for `wiki.tab`?
+- [wiki] Backlinks
 - Typography styling pass
M wiki/css/style.csswiki/css/style.css 
@@ -10,6 +10,10 @@ max-width: 60rem;
   -webkit-text-size-adjust: 100%;
 }
 
+article {
+  line-height: 1.25rem;
+}
+
 h1,
 h2 {
   font-style: italic;

@@ -39,11 +43,19 @@ scrollbar-width: thin;
   scrollbar-color: var(--b_low) var(--background);
 }
 
-blockquote {
+p, blockquote, aside {
+  line-height: 1.3rem;
+}
+
+blockquote, aside {
   font-style: italic;
   border-left: 4px solid var(--f_inv);
   padding: 0.5rem;
   margin-left: 0;
+}
+
+aside {
+  border-color: var(--b_low);
 }
 
 .header {
M wiki/pages/git.htmlwiki/pages/git.html 
@@ -36,10 +36,10 @@ git add .
 git commit -m "initial commit"
 </pre>
 <p>
-    Now we need to do the inital push and update the remote for the repo to be the server repo (you need to have already set up SSH for the user that you are using to do the push):
+    Now we need to do the inital push and update the remote for the repo to be the server repo (you need to have already <a href="/wiki/ssh">set up SSH</a> for the remote user that you are using to do the push):
 </p>
 <pre>
-git remote add origin &ltSSH_USERNAME&gt@git.deserthorns.net:/var/git/my-new-repo
+git remote add origin &ltREMOTE_USER&gt@git.deserthorns.net:/var/git/my-new-repo
 git push --set-upstream origin master
 </pre>
 <p>

@@ -54,6 +54,10 @@ git add .
 git commit -m "did stuff"
 git push
 </pre>
+
+<h2>Cloning over SSH</h2>
+<p>You need to have already <a href="/wiki/ssh">set up SSH</a> for the remote user that you are using to clone!</p>
+<pre>git clone &ltREMOTE_USER&gt@git.deserthorns.net:/var/git/my-repo</pre>
 {{ end }}
 
 {{ define "scripts" }}
A wiki/pages/ssh.html 
@@ -0,0 +1,43 @@
+{{ define "styles" }}
+{{ end }}
+
+{{ define "content" }}
+<h1>SSH</h1>
+
+<p>
+    The information provided on this page assumes you are using <code>sshd</code> as the SSH server on a Linux machine.
+</p>
+
+<h2>Config</h2>
+
+<p>
+    <code>sshd</code> is configured using the <code>sshd_config</code> file, typically located in <code>/etc/ssh/</code>.
+</p>
+
+<h2>Hardening SSH access</h2>
+<p>
+    Generally, using private key authentication for SSH is preferred instead of password authentication. To disable password auth, add/uncomment the following line in <code>sshd_config</code>, save, and restart <code>sshd</code>:
+</p>
+<pre>PasswordAuthentication no</pre>
+<p>
+    Even with password auth disabled, it is still a good idea to disable root login over SSH: you should set up a non-root user and use that user to log in.  To disable root login over SSH, add/uncomment the following line in <code>sshd_config</code>, save, and restart <code>sshd</code>:
+</p>
+<pre>PermitRootLogin no</pre>
+
+<h2>SSH key-based authentication</h2>
+<p>First, generate a key on the local machine:</p>
+<pre>ssh-keygen</pre>
+<p>You can provide a path for the file containing the new key. It can be useful to give the file a distinct name so you are not using the same key for multiple systems. That said, it is advisable to keep the path the same (typically <code>~/.ssh/</code>), since most tools that use SSH look in that directory for keys by default.</p>
+<p>You can optionally provide a passphrase. This passphrase (if provided) will need to be entered at every login.</p>
+<p>Now that the key has been generated, it needs to be copied to the server. Many online guides will cover using <code>ssh-copy-id</code> to to just this. However, <code>ssh-copy-id</code> only works if password authentication is enabled on the remote machine, and password authentication should be disabled to harden SSH access against attacks.</p>
+<aside>That said, you could absolutely use <code>ssh-copy-id</code> with password authentication still enabled, as long as your remote user has a strong password and you make sure to disable password authentication after key-based authentication is set up.</aside>
+<p>Instead, we will need to copy the new key to the remote machine manually. This requires access to the remote machine, likely via another local machine already cofigured for SSH access.</p>
+<p>Copy the newly-generated public key (contained in the <code>.pub</code> file generated when you ran <code>ssh-keygen</code>) from the local machine. Then log into the remote machine and paste the public key into the <code>~/.ssh/authorized_keys</code> file and save.</p>
+<p>Now the new key can be used to SSH into the remote machine. If your key was generated using the default name of <code>id_rsa</code>, the following should work:</p>
+<pre>ssh &ltUSER&gt@&ltREMOTE_HOST&gt</pre>
+<p>If a different name was chosen for the key file (e.g. <code>my-server</code>), use the <code>-i</code> ("identity") flag to indicate which key file to use:</p>
+<pre>ssh -i ~/.ssh/my-server &ltUSER&gt@&ltREMOTE_HOST&gt</pre>
+{{ end }}
+
+{{ define "scripts" }}
+{{ end }}
M wiki/wiki.tabwiki/wiki.tab 
@@ -6,6 +6,7 @@ knowledge
  software
   git
   sysadmin
+   ssh
  tools
 
 meta