Merge branch 'master' of github.com:NuSkooler/enigma-bbs

This commit is contained in:
Bryan Ashby 2019-02-15 20:55:06 -07:00
commit 6ac21962cc
No known key found for this signature in database
GPG Key ID: B49EB437951D2542
4 changed files with 51 additions and 24 deletions

View File

@ -276,24 +276,26 @@ function getDefaultConfig() {
port : 8889,
enabled : false, // default to false as PK/pass in config.hjson are required
//
// Private Key (PK) in PEM format
// To enable SSH, perform the following steps:
//
// Generating your PK:
// 1 - Choose a cipher (3DES, AES128, or AES256)
// 3des : older, most compatible, least secure
// aes128 : newer, widely compatible, fairly secure
// aes256 : newest, least compatible, best security
// 1 - Generate a Private Key (PK):
// Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
// To generate a secure PK, issue the following command:
//
// 2 - Choose a bit strength (2048 or 4096)
// 2048 : most compatible, decent strength
// 4096 : stronger, but some software is completely incompatible
// > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
// -out ./config/ssh_private_key.pem -aes128
//
// Sample command:
// openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
// (The above is a more modern equivelant of the following):
// > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
//
// Then, set servers.ssh.privateKeyPass to the password you use above
// in your config.hjson
// 2 - Set 'privateKeyPass' to the password you used in step #1
//
// 3 - Finally, set 'enabled' to 'true'
//
// Additional reading:
// - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
// - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
//
privateKeyPem : paths.join(__dirname, './../config/ssh_private_key.pem'),
firstMenu : 'sshConnected',

View File

@ -14,17 +14,17 @@ GEM
eventmachine (>= 0.12.9)
http_parser.rb (~> 0.6.0)
eventmachine (1.2.5)
ffi (1.9.18)
ffi (1.9.24)
forwardable-extended (2.6.0)
gemoji (3.0.0)
hacker (0.0.1)
html-pipeline (2.7.1)
activesupport (>= 2)
nokogiri (>= 1.4)
nokogiri (>= 1.8.5)
http_parser.rb (0.6.0)
i18n (0.9.1)
concurrent-ruby (~> 1.0)
jekyll (3.7.0)
jekyll (3.7.4)
addressable (~> 2.4)
colorator (~> 1.0)
em-websocket (~> 0.5)
@ -64,14 +64,14 @@ GEM
mercenary (0.3.6)
mini_portile2 (2.3.0)
minitest (5.11.1)
nokogiri (1.8.1)
nokogiri (1.8.5)
mini_portile2 (~> 2.3.0)
pathutil (0.16.1)
forwardable-extended (~> 2.6)
public_suffix (3.0.1)
rb-fsevent (0.10.2)
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
ffi (>= 1.9.24, < 2)
rouge (3.1.0)
ruby_dep (1.5.0)
safe_yaml (1.0.4)

View File

@ -35,8 +35,17 @@ Entries available under `config.loginServers.ssh`:
```
## Generate a SSH Private Key
To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task:
To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSL can be used for this task:
### Modern OpenSSL
```bash
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128
```
### Legacy OpenSSL
```bash
openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
```
Note that you may need `-3des` for every old implementations or SSH clients!

View File

@ -110,10 +110,26 @@
port: XXXXX
//
// To enable SSH:
// 1) Generate a Private Key (PK):
// > openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
// 2) Set "privateKeyPass" below
// To enable SSH, perform the following steps:
//
// 1 - Generate a Private Key (PK):
// Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
// To generate a secure PK, issue the following command:
//
// > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
// -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
// -out ./config/ssh_private_key.pem -aes128
//
// (The above is a more modern equivelant of the following):
// > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
//
// 2 - Set 'privateKeyPass' to the password you used in step #1
//
// 3 - Finally, set 'enabled' to 'true'
//
// Additional reading:
// - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
// - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
//
enabled: XXXXX