diff --git a/core/config.js b/core/config.js index 11f9bcb2..5c1f9c42 100644 --- a/core/config.js +++ b/core/config.js @@ -276,24 +276,26 @@ function getDefaultConfig() { port : 8889, enabled : false, // default to false as PK/pass in config.hjson are required // - // Private Key (PK) in PEM format + // To enable SSH, perform the following steps: // - // Generating your PK: - // 1 - Choose a cipher (3DES, AES128, or AES256) - // 3des : older, most compatible, least secure - // aes128 : newer, widely compatible, fairly secure - // aes256 : newest, least compatible, best security + // 1 - Generate a Private Key (PK): + // Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK. + // To generate a secure PK, issue the following command: // - // 2 - Choose a bit strength (2048 or 4096) - // 2048 : most compatible, decent strength - // 4096 : stronger, but some software is completely incompatible + // > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \ + // -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \ + // -out ./config/ssh_private_key.pem -aes128 // - // Sample command: - // openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 + // (The above is a more modern equivelant of the following): + // > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 // - // Then, set servers.ssh.privateKeyPass to the password you use above - // in your config.hjson + // 2 - Set 'privateKeyPass' to the password you used in step #1 // + // 3 - Finally, set 'enabled' to 'true' + // + // Additional reading: + // - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/ + // - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b // privateKeyPem : paths.join(__dirname, './../config/ssh_private_key.pem'), firstMenu : 'sshConnected', diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock index f49b797b..12e78772 100644 --- a/docs/Gemfile.lock +++ b/docs/Gemfile.lock @@ -14,17 +14,17 @@ GEM eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) eventmachine (1.2.5) - ffi (1.9.18) + ffi (1.9.24) forwardable-extended (2.6.0) gemoji (3.0.0) hacker (0.0.1) html-pipeline (2.7.1) activesupport (>= 2) - nokogiri (>= 1.4) + nokogiri (>= 1.8.5) http_parser.rb (0.6.0) i18n (0.9.1) concurrent-ruby (~> 1.0) - jekyll (3.7.0) + jekyll (3.7.4) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) @@ -64,14 +64,14 @@ GEM mercenary (0.3.6) mini_portile2 (2.3.0) minitest (5.11.1) - nokogiri (1.8.1) + nokogiri (1.8.5) mini_portile2 (~> 2.3.0) pathutil (0.16.1) forwardable-extended (~> 2.6) public_suffix (3.0.1) rb-fsevent (0.10.2) rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) + ffi (>= 1.9.24, < 2) rouge (3.1.0) ruby_dep (1.5.0) safe_yaml (1.0.4) diff --git a/docs/servers/ssh.md b/docs/servers/ssh.md index a71f8250..c576f38e 100644 --- a/docs/servers/ssh.md +++ b/docs/servers/ssh.md @@ -35,8 +35,17 @@ Entries available under `config.loginServers.ssh`: ``` ## Generate a SSH Private Key -To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task: +To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSL can be used for this task: +### Modern OpenSSL ```bash -openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048 +openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128 ``` + +### Legacy OpenSSL +```bash +openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 +``` + +Note that you may need `-3des` for every old implementations or SSH clients! + diff --git a/misc/config_template.in.hjson b/misc/config_template.in.hjson index 504cd02d..5e523e72 100644 --- a/misc/config_template.in.hjson +++ b/misc/config_template.in.hjson @@ -110,10 +110,26 @@ port: XXXXX // - // To enable SSH: - // 1) Generate a Private Key (PK): - // > openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048 - // 2) Set "privateKeyPass" below + // To enable SSH, perform the following steps: + // + // 1 - Generate a Private Key (PK): + // Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK. + // To generate a secure PK, issue the following command: + // + // > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \ + // -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \ + // -out ./config/ssh_private_key.pem -aes128 + // + // (The above is a more modern equivelant of the following): + // > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048 + // + // 2 - Set 'privateKeyPass' to the password you used in step #1 + // + // 3 - Finally, set 'enabled' to 'true' + // + // Additional reading: + // - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/ + // - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b // enabled: XXXXX