43 lines
1.7 KiB
Markdown
43 lines
1.7 KiB
Markdown
---
|
|
layout: page
|
|
title: SSH Server
|
|
---
|
|
## SSH Login Server
|
|
The ENiGMA½ SSH *login server* allows secure user logins over SSH (ssh://).
|
|
|
|
## Configuration
|
|
Entries available under `config.loginServers.ssh`:
|
|
|
|
| Item | Required | Description |
|
|
|------|----------|-------------|
|
|
| `privateKeyPem` | :-1: | Path to private key file. If not set, defaults to `./config/ssh_private_key.pem` |
|
|
| `privateKeyPass` | :+1: | Password to private key file.
|
|
| `firstMenu` | :-1: | First menu an SSH connected user is presented with. Defaults to `sshConnected`. |
|
|
| `firstMenuNewUser` | :-1: | Menu presented to user when logging in with one of the usernames found within `users.newUserNames` in your `config.hjson`. Examples include `new` and `apply`. |
|
|
| `enabled` | :+1: | Set to `true` to enable the SSH server. |
|
|
| `port` | :-1: | Override the default port of `8443`. |
|
|
| `algorithms` | :-1: | Configuration block for SSH algorithms. Includes keys of `kex`, `cipher`, `hmac`, and `compress`. See the algorithms section in the [ssh2-streams](https://github.com/mscdex/ssh2-streams#ssh2stream-methods) documentation for details. For defaults set by ENiGMA½, see `core/config.js`.
|
|
| `traceConnections` | :-1: | Set to `true` to enable full trace-level information on SSH connections.
|
|
|
|
### Example Configuration
|
|
|
|
```hjson
|
|
{
|
|
loginServers: {
|
|
ssh: {
|
|
enabled: true
|
|
port: 8889
|
|
privateKeyPem: /path/to/ssh_private_key.pem
|
|
privateKeyPass: sup3rs3kr3tpa55
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
## Generate a SSH Private Key
|
|
To utilize the SSH server, an SSH Private Key will need generated. OpenSSL can be used for this task:
|
|
|
|
```bash
|
|
openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
|
|
```
|