From 1ca1128df6a1b75bf400bbb7f0a8734ef75ac311 Mon Sep 17 00:00:00 2001
From: Bryan Ashby
Date: Fri, 15 Feb 2019 18:48:16 -0700
Subject: [PATCH 1/4] Update docs & examples on SSH Private Key (PK) generation

---
 core/config.js | 28 +++++++++++++++-------------
 docs/servers/ssh.md | 13 +++++++++++--
 misc/config_template.in.hjson | 24 ++++++++++++++++++++----
 3 files changed, 46 insertions(+), 19 deletions(-)

diff --git a/core/config.js b/core/config.js
index 11f9bcb2..5c1f9c42 100644
--- a/core/config.js
+++ b/core/config.js
@@ -276,24 +276,26 @@ function getDefaultConfig() {
 port : 8889,
 enabled : false, // default to false as PK/pass in config.hjson are required
 //
- // Private Key (PK) in PEM format
+ // To enable SSH, perform the following steps:
 //
- // Generating your PK:
- // 1 - Choose a cipher (3DES, AES128, or AES256)
- // 3des : older, most compatible, least secure
- // aes128 : newer, widely compatible, fairly secure
- // aes256 : newest, least compatible, best security
+ // 1 - Generate a Private Key (PK):
+ // Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
+ // To generate a secure PK, issue the following command:
 //
- // 2 - Choose a bit strength (2048 or 4096)
- // 2048 : most compatible, decent strength
- // 4096 : stronger, but some software is completely incompatible
+ // > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
+ // -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
+ // -out ./config/ssh_private_key.pem -aes128
 //
- // Sample command:
- // openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
+ // (The above is a more modern equivelant of the following):
+ // > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
 //
- // Then, set servers.ssh.privateKeyPass to the password you use above
- // in your config.hjson
+ // 2 - Set 'privateKeyPass' to the password you used in step #1
 //
+ // 3 - Finally, set 'enabled' to 'true'
+ //
+ // Additional reading:
+ // - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
+ // - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
 //
 privateKeyPem : paths.join(__dirname, './../config/ssh_private_key.pem'),
 firstMenu : 'sshConnected',
diff --git a/docs/servers/ssh.md b/docs/servers/ssh.md
index a71f8250..c576f38e 100644
--- a/docs/servers/ssh.md
+++ b/docs/servers/ssh.md
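Review bot: The new comment states that ENiGMA requires a PKCS#1 PEM key, but the `openssl rsa` stage it recommends does not guarantee that format: as far as I recall, with OpenSSL 3.x `openssl rsa -out ... -aes128` emits PKCS#8 (`BEGIN ENCRYPTED PRIVATE KEY`) unless `-traditional` is passed, so the "modern" command can produce a key this comment says the server cannot load. I would add a line under the command: `//       (OpenSSL 3.x: append -traditional to the 'openssl rsa' stage to keep PKCS#1 output)`. Step 2 should also warn that the passphrase is stored in plaintext in config.hjson, so both that file and the PEM need owner-only permissions; the PEM encryption is not a secret boundary on its own. Finally, 'equivelant' should read 'equivalent'. The getDefaultConfig() object this comment sits in starts and ends outside the hunk.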
@@ -35,8 +35,17 @@ Entries available under `config.loginServers.ssh`:
 ```
 ## Generate a SSH Private Key
-To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task:
+To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSL can be used for this task:
+### Modern OpenSSL
 ```bash
-openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
+openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128
 ```
+
+### Legacy OpenSSL
+```bash
+openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
+```
+
+Note that you may need `-3des` for every old implementations or SSH clients!
+
diff --git a/misc/config_template.in.hjson b/misc/config_template.in.hjson
index 504cd02d..5e523e72 100644
--- a/misc/config_template.in.hjson
+++ b/misc/config_template.in.hjson
@@ -110,10 +110,26 @@
 port: XXXXX
 //
- // To enable SSH:
- // 1) Generate a Private Key (PK):
- // > openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
- // 2) Set "privateKeyPass" below
+ // To enable SSH, perform the following steps:
+ //
+ // 1 - Generate a Private Key (PK):
+ // Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
+ // To generate a secure PK, issue the following command:
+ //
+ // > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
+ // -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
+ // -out ./config/ssh_private_key.pem -aes128
+ //
+ // (The above is a more modern equivelant of the following):
+ // > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
+ //
+ // 2 - Set 'privateKeyPass' to the password you used in step #1
+ //
+ // 3 - Finally, set 'enabled' to 'true'
+ //
+ // Additional reading:
+ // - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
+ // - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
 //
 enabled: XXXXX
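Review bot: Step 2 has the operator place the PEM passphrase in 'privateKeyPass' in this same file, so the encryption applied in step 1 protects the key only while config.hjson itself is unreadable, and the template does not say so. I would add after step 2: `//     (privateKeyPass is stored here in plaintext: keep config.hjson and the PEM owner-readable only, e.g. chmod 600)`. It is also worth a short caveat that the legacy PEM encryption produced by `-aes128` derives its key from the passphrase with a single MD5 round, so a short passphrase gives little protection against offline guessing if the file leaks. 'equivelant' should read 'equivalent' here as well.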
From c27ad39360760d73c393a9778127e35cccc504b0 Mon Sep 17 00:00:00 2001
From: Bryan Ashby
Date: Fri, 15 Feb 2019 18:56:10 -0700
Subject: [PATCH 2/4] Docs pakcage updates to silence vunerability alerts

---
 docs/Gemfile.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index f49b797b..7a170268 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -20,11 +20,11 @@ GEM
 hacker (0.0.1)
 html-pipeline (2.7.1)
 activesupport (>= 2)
- nokogiri (>= 1.4)
+ nokogiri (>= 1.8.5)
 http_parser.rb (0.6.0)
 i18n (0.9.1)
 concurrent-ruby (~> 1.0)
- jekyll (3.7.0)
+ jekyll (3.7.4)
 addressable (~> 2.4)
 colorator (~> 1.0)
 em-websocket (~> 0.5)
@@ -71,7 +71,7 @@ GEM
 public_suffix (3.0.1)
 rb-fsevent (0.10.2)
 rb-inotify (0.9.10)
- ffi (>= 0.5.0, < 2)
+ ffi (>= 1.9.24, < 2)
 rouge (3.1.0)
 ruby_dep (1.5.0)
 safe_yaml (1.0.4)
From cd24bf5901805536a9d7e374b2f1055799312286 Mon Sep 17 00:00:00 2001
From: Bryan Ashby
Date: Fri, 15 Feb 2019 18:59:04 -0700
Subject: [PATCH 3/4] Bump again

---
 docs/Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index 7a170268..eab14311 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -64,7 +64,7 @@ GEM
 mercenary (0.3.6)
 mini_portile2 (2.3.0)
 minitest (5.11.1)
- nokogiri (1.8.1)
+ nokogiri (1.8.5)
 mini_portile2 (~> 2.3.0)
 pathutil (0.16.1)
 forwardable-extended (~> 2.6)
From 8f8a4514a17ddf7dd15c071dacb6db0e455b1350 Mon Sep 17 00:00:00 2001
From: Bryan Ashby
Date: Fri, 15 Feb 2019 18:59:59 -0700
Subject: [PATCH 4/4] Another bump

---
 docs/Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index eab14311..12e78772 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -14,7 +14,7 @@ GEM
 eventmachine (>= 0.12.9)
 http_parser.rb (~> 0.6.0)
 eventmachine (1.2.5)
- ffi (1.9.18)
+ ffi (1.9.24)
 forwardable-extended (2.6.0)
 gemoji (3.0.0)
 hacker (0.0.1)