|
1 | 1 | # ssh-keys |
2 | | -Public SSH keys for DevOps members |
3 | 2 |
|
4 | | -The `authorized_keys` files on Hackerspace servers are automatically populated with the SSH keys in this repository. |
| 3 | +Public SSH keys for the Hackerspace servers |
| 4 | + |
| 5 | +The `authorized_keys` files on Hackerspace servers are automatically populated with the SSH keys in this repository on a per server basis. |
5 | 6 |
|
6 | 7 | ## Adding a new key |
7 | 8 |
|
8 | | -Adding a new key will grant the key owner server access. |
| 9 | +Adding a new key will grant the key owner server access. Only add a key to the servers you need access to. |
| 10 | + |
| 11 | +For services like deployment etc. it is important to add a new key specific for the service instead of reusing an existing one. |
| 12 | + |
| 13 | +1. Generate a new SSH key using `ssh-keygen`. |
| 14 | + |
| 15 | +```bash |
| 16 | +ssh-keygen -t ed25519 -C "your@email.com" |
| 17 | +``` |
| 18 | + |
| 19 | +- Use `ed25519` as the key type. It is more modern than `rsa`. |
| 20 | +- For the comment, include a way to contact you, phone number or email (This is not necessary for keys used for services, then a comment with the service name is enough). |
9 | 21 |
|
10 | | -1. Generate a new SSH key using your generator of choice (typically PuTTYgen or ssh-keygen) |
11 | | - - If using PuTTYgen, ensure you export the keyfiles with the OpenSSH format |
12 | | -2. Create a new branch, commit and push your **public** key file in the `keys` folder |
| 22 | +2. Create a new branch, commit and push your **public** key file in the appropriate directory for the server inside the `keys` directory. |
13 | 23 |
|
14 | 24 | Typically, a public key file looks something like the following: |
| 25 | + |
15 | 26 | ``` |
16 | | -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuS3I1pwSSUtT6NqeKxa33vwXHQy0f7xlyZHq5dlB3UYJNamDR0KEs/fhxjyCJ8XLf7nJNvojJ5qAtxEJjpnVonM6ehHi3juHxgMJOGIZHcWJ72BpjdcWZk0LuOx0x1qTdHFlU+6aTl27dSgVB+2QQESwQTtVgbIGiNcdt3ES9+Yhc8Sk0PrZ2TW5cTdZJlv/kb/cKgFIk8UQqu5h7TJHyq+L6kbEZrlhB2YmJ1ZICaN2YYsHKvtX5ibkJB4RpAOwOiUHVlDzrlBzjdIKxseCt5oEIANObmdk9YOXfMeAQNJDa3Hx3j5yXuMaJCPFqdwxfzeSOJ+OFGSS5q9FG1Dr/ |
| 27 | +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvlUIQHvVRV0D+BY51Fzf2Q/r0wxMA9JPAPFk1iQTQv hackerspace-dev@idi.ntnu.no |
17 | 28 | ``` |
18 | | -If you see the word `PRIVATE` anywhere in the file(s) you are commiting, **stop immediately**. Private keys are like passwords should be treated as highly confidential. |
19 | 29 |
|
20 | | -1. Open a pull request and have someone review the addition of your key |
21 | | -2. Merge your key in |
| 30 | +If you see the word `PRIVATE` anywhere in the file(s) you are commiting, **stop immediately**. Private keys are like passwords and should be treated as highly confidential. |
| 31 | + |
| 32 | +3. Open a pull request and have the DevOps leadership review the addition |
22 | 33 |
|
23 | | -After your key is merged in, you should get SSH access to the Hackerspace servers soon(tm). |
| 34 | +After your key is merged in, you should get SSH access to the respective server within a few minutes. |
| 35 | + |
| 36 | +> [!NOTE] |
| 37 | +> If you are new to SSH, there is a private guide in the DevOps server documentation on GitHub. |
24 | 38 |
|
25 | 39 | ## Removing a key |
26 | 40 |
|
27 | | -SSH keys should be removed from the repository as soon as they are no longer in use. This *especially* applies to retired DevOps members. |
| 41 | +SSH keys should be removed from the repository as soon as they are no longer in use. This _especially_ applies to retired DevOps members. |
| 42 | + |
| 43 | +So when a member leaves the Hackerspace, their keys should be removed. |
28 | 44 |
|
29 | 45 | 1. Create a new branch, commit and push the removal of the appropriate key file |
30 | | -2. Open a pull request and have someone review the removal |
| 46 | +2. Open a pull request and wait for review |
31 | 47 | 3. Merge the key removal |
0 commit comments