ssh

or, how to tell other computers to do cool things

all users are required to use an ssh keypair for login, or will be required to proceed with manual account recovery with ~spider or another admin. drop a line to sudoers@tilde.cafe or hop on irc for assistance.

overview

port 22 is available for ssh.

when your account is approved, you will get an email. to login enter this in the terminal:

ssh username@tilde.cafe

tilde.cafe's ssh key fingerprints for your verification:

| Name    |  Fingerprint                                         |
|---------|------------------------------------------------------|
| ECDSA   | `SHA256:BTjzIhz+gkmJNVrN7/WOWLqDnnoAzSwDBrw9+QCZdl0` |
| ED25519 | `SHA256:SbNFbk0qeIio4Aveaf29KNYPkEXmeCE38bXZpAWHI0Y` |
| RSA     | `SHA256:W0gZf+knAxjfkzppjm93hVzbqk+ZzkO4U56+09HJ3ks` |

the key fingerprints are in dns as sshfp records as well, which you can check against by setting VerifyHostKeyDNS to yes in your ~/.ssh/config.

you can check the records yourself with the dig tool like this:

dig sshfp tilde.cafe

intro

if you just want to get right to a tutorial you can skip over this background info

while tilde.cafe is accessible on the web and features lovely web pages written by its users, most interaction with tilde.cafe takes place inside the machine that runs tilde.cafe as opposed to via web forms that have an effect from outside tilde.cafe's computer.

this is what sets tilde.cafe apart from most other online communities. you connect directly to another computer from yours alongside other people and then write your web pages, chat, and play games all via text-based interfaces right on tilde.cafe's computer.

prior to the web (which debuted in 1995) this is how pretty much all computer stuff got done. you connected directly to a machine (usually over a direct, physical phone line) and did your work there.

for a long time, people used a tool called telnet to connect to other computers. these days we use a tool called ssh.

ssh is a text-based tool that provides a direct connection from your computer to another. ssh is an acronym that stands for secure shell. the shell part refers to the fact that it's a text-based tool; we use the word shell to refer to a text-based interface that you give commands to. the secure part refers to the fact that, when you're using ssh, no one can spy on your connection to another computer (unlike the old telnet command).

why bother with all of this? passwords are really insecure and hard to manage. using keys makes life easier for you, fair user (your account is less likely to be hacked) and for me, your humble sysadmin (less administration than passwords).

how to make an ssh key

SSH supports a handful of types of cryptographic keys. The most used are RSA and the more modern Ed25519.

RSA is the de-facto standard and is supported everywhere (just choose a big enough key like 4096 bits to be secure). Ed25519 is designed to be faster and smaller withouth sacrificing security, so is best suited for embedded devices or machines with low resources. It's supported on tilde (and really on any modern system) but you may find older systems which do not support it.

Below you'll find instructions to generate either type (or both if you want).

Keep in mind that these instructions leave your private keys unencrypted in your local hard disk. So keep them private; never share them. A good solution is to provide a password for them at creation time, but this implies entering a password any time you used them (impractical) or use something like ssh-agent (a bit more complex)

We don't have documentation for this (yet) so either go with no password keys, or ask on IRC (#cafe) for help.

pick your fighter: [ mac | windows | linux ]

mac

generating your keypair

1. open terminal (it's in /Applications/Utilities, or press command space, type Terminal and press enter)

2. create your .ssh directory:

   mkdir -m 700 ~/.ssh

3. create your keys:

   ssh-keygen -t ed25519 -a 100

4. if you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

5. cat ~/.ssh/id_ed25519.pub

6. copy the output of the last command and paste it in the sshkey field on the signup form (or email it to the admins if you already have an account)

using your keypair

once ~spider or another admin approves your signup, you can join tilde.cafe

1. open terminal (it's in /Applications/Utilities)

2. ssh to tilde.cafe:

   ssh username@tilde.cafe

where username is your username (~hedy would use ssh hedy@tilde.cafe)

windows

There are many options for using ssh on windows. If you are on windows 10 1809 or later then it has openssh built in. Please check out microsoft's documentation on openssh.

If you're on legacy windows or you don't want to use openssh, then continue reading below.

generating your keypair

pick any of the following options and follow their installation process. If you'd like to use a full Linux terminal environment then pick WSL. If you just want a bash shell with great git support, pick Git Bash:

• Windows Subsystem for Linux
• msys2

• Git Bash

• after setting up the terminal from any of the above installation process, open your terminal

• create your .ssh directory

  mkdir .ssh

• create your keypair

  ssh-keygen -t ed25519 -a 100

• if you press enter to accept the defaults, your public and private key will be located at ~\.ssh\id_ed25519.pub and ~\.ssh\id_ed25519 respectively.

• cat ~\.ssh\id_ed25519.pub

• copy the output of the last command and paste it in the sshkey field on the signup form

using your keypair

once ~spider or another admin approves your signup, you can join the tilde.cafe

1. open your terminal which you've setup from the previous steps

2. ssh to tilde.cafe:

   ssh username@tilde.cafe

where username is your username (~hedy would use ssh hedy@tilde.cafe)

linux

there are a lot of linux distros, but ssh and ssh-keygen should be available in almost all cases. if they're not, look up how to install ssh for your distro.

generating your keypair

1. open your terminal

2. make sure you have a ~/.ssh directory

   mkdir -m 700 ~/.ssh

3. create your keys

   ssh-keygen -t ed25519 -a 100

4. if you press enter to accept the defaults, your public and private key will be located at ~/.ssh/id_ed25519.pub and ~/.ssh/id_ed25519 respectively

5. cat ~/.ssh/id_ed25519.pub

6. copy the output of the last command and paste it in the sshkey field on the signup form

using your keypair

once ~spider or another admin approves your signup, you can join the tilde.cafe

1. open your terminal

2. ssh to tilde.cafe:

   ssh username@tilde.cafe

where username is your username (~hedy would use ssh hedy@tilde.cafe)

this tutorial is based on and uses parts of the tilde.club ssh primer and the tilde.team ssh guide.