~bzg/worg

ref: dea41fec71017fb96e1ba4e408cf900ed0c8bbf4 worg/worg-git-ssh-key.org -rw-r--r-- 2.8 KiB
dea41fecRussell Adams Updated expectations for non-subscriber posts to be delayed by moderation. 6 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#+TITLE:      Creating a SSH-key for a new user
#+AUTHOR:     Worg people
#+STARTUP:    align fold nodlcheck hidestars oddeven lognotestate
#+SEQ_TODO:   TODO(t) INPROGRESS(i) WAITING(w@) | DONE(d) CANCELED(c@)
#+TAGS:       Write(w) Update(u) Fix(f) Check(c)
#+LANGUAGE:   en
#+PRIORITIES: A C B
#+CATEGORY:   worg
#+OPTIONS:    H:3 num:nil toc:t \n:nil ::t |:t ^:nil -:t f:t *:t d:(HIDE) tags:not-in-toc
#+HTML_LINK_UP:    index.html
#+HTML_LINK_HOME:  https://orgmode.org/worg/

# This file is released by its authors and contributors under the GNU
# Free Documentation license v1.3 or later, code examples are released
# under the GNU General Public License v3 or later.

To push commits to the Worg repository at https://git.sr.ht/~bzg/worg
you need to have a SSH key. What's that and how can you create one?

* Public and private keys

#+index: Public key
#+index: Private key

A /public key/ is like a door lock, and a /private key/ is like the key.
=sr.ht= is asking you for the /public key/, that means, they ask you to
provide a lock, and they will install your lock in their server.
Then, with your /private key/ you will be able to open a connection to
the server.

Your /private key/ may be easy to use: just /have it/, and you can use it
to open the lock.

But suppose you lose it; then it's not secure anymore; any person
which has the key (which is a file) can connect to the server
supplanting your identity.

Therefore, at the computer we do that the /private key/ has a /password/
(also called "passphrase"). Then, you do not only need to possess the
key to open the lock; you also need to know how to use it (that means,
you must have the /public key/ *and* know the password).

So: *use a passphrase* for more security.

* Steps to create your private and public keys

#+index: ssh-keygen

1. Run =ssh-keygen= with no parameters. If you want to change the
   encryption algorithm used, see [[RSA or DSA?][the section below]].

2. /Location of the key/: just press enter

3. /Passphrase of the key/: enter your new password; the one you will
   type each time to be able to connect. You can have no password at
   all, but it's not recommended; read the description at the
   introduction to know why.

4. Now you have 2 new files:

 - =id_rsa=: that's your new private key. Don't share it!

 - =id_rsa.pub=: that's your new /public key/. You can distribute it.

 - You will also see a /fingerprint/ (like =31:c0:5a:92:70:5e:91=... etc).

5. Look at the public key. If you don't like the user name which appears
   at the end, re-run =ssh-keygen -C "comment that you want" =

* RSA or DSA?

#+index: RSA
#+index: DSA

You can decide if at the key creation you want to use the algorithm RSA or
the algorithm DSA.

If you know which one you like, you're lucky; use it!

If not, decide one; both will work.

By default, =ssh-keygen= uses RSA, but you can use =ssh-keygen -t dsa= to
use DSA.