2.0 KiB
2.0 KiB
| layout | title |
|---|---|
| page | SSH Server |
SSH Login Server
The ENiGMA½ SSH login server allows secure user logins over SSH (ssh://).
Configuration
Entries available under config.loginServers.ssh:
| Item | Required | Description |
|---|---|---|
privateKeyPem |
👎 | Path to private key file. If not set, defaults to ./config/ssh_private_key.pem |
privateKeyPass |
👍 | Password to private key file. |
firstMenu |
👎 | First menu an SSH connected user is presented with. Defaults to sshConnected. |
firstMenuNewUser |
👎 | Menu presented to user when logging in with one of the usernames found within users.newUserNames in your config.hjson. Examples include new and apply. |
enabled |
👍 | Set to true to enable the SSH server. |
port |
👎 | Override the default port of 8443. |
address |
👎 | Sets an explicit bind address. |
algorithms |
👎 | Configuration block for SSH algorithms. Includes keys of kex, cipher, hmac, and compress. See the algorithms section in the ssh2-streams documentation for details. For defaults set by ENiGMA½, see core/config_default.js. |
traceConnections |
👎 | Set to true to enable full trace-level information on SSH connections. |
Example Configuration
{
loginServers: {
ssh: {
enabled: true
port: 8889
privateKeyPem: /path/to/ssh_private_key.pem
privateKeyPass: sup3rs3kr3tpa55
}
}
}
Generate a SSH Private Key
To utilize the SSH server, an SSH Private Key (PK) will need generated. OpenSSL can be used for this task:
Modern OpenSSL
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa -out ./config/ssh_private_key.pem -aes128
Legacy OpenSSL
openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
Note that you may need -3des for every old implementations or SSH clients!