So my simple understanding of how the whole SSH key thing works is the following:
Your client has an encrypted key, which is called a private key, and your server has a lock with encrypted access codes, called public keys.
Private keys are stored in ~/.ssh/id_rsa on your client, while public keys are stored… somewhere on your server. (I think the file is called id_rsa.pub, while being accompanied by a file called known_hosts.)
Since I'm both admin and folatt, it makes sense that I should be able to access both admin and folatt with this same key.
And I don’t need a password for it, because that’s what the key is for.
What I shouldn’t have is a key to root, because root access is a security risk.
What I see on Yunohost:
- Being asked for user password, not key passphrase
- Root access
Is this something that is required for a first setup?
If so, then generating keys should be in the installation guide.
Folatt’s list of Linux commands.md
...
Keys are created on the client so that the private key will never be exposed.
## Creating a key pair for private use and transferring the public key to the server.
```sh
# -f must point into ~/.ssh; with a bare "id_rsa" the key lands in the current
# directory and the ssh-copy-id line below will not find it. <passphrase> is a
# placeholder; note that a passphrase given with -N ends up in shell history,
# so omitting -N and typing it at the prompt is safer.
ssh-keygen -C "$(whoami)@$(hostname)-$(date -I)" -f ~/.ssh/id_rsa -N <passphrase>
# Appends the public key to ~/.ssh/authorized_keys of <ssh-user> on the server.
ssh-copy-id -i ~/.ssh/id_rsa.pub <ssh-user>@<deploy-host>
```
## Getting rid of having to type passphrases over and over again.
```sh
# keychain starts ssh-agent once per login, asks for the passphrase of
# ~/.ssh/id_rsa a single time and loads it; later ssh calls reuse the agent.
echo 'eval "$(keychain --eval --agents ssh id_rsa)"' | tee -a ~/.bash_profile
```
## Change the key passphrase
```sh
# Changes only the passphrase protecting the private key file; the key pair
# itself is unchanged, so nothing has to be copied to the server again.
ssh-keygen -f ~/.ssh/id_rsa -p
```
...
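What ssh-copy-id actually transfers is one line of text: the contents of id_rsa.pub, appended to ~/.ssh/authorized_keys in the target account's home directory on the server, so each account (admin, folatt) that should accept the key needs that line. The following is an added example, not code from the post or from YunoHost: a standard-library-only Python parser and builder for that line format, which also computes the SHA256 fingerprint that `ssh-keygen -lf id_rsa.pub` prints, and handles the option prefix (`no-port-forwarding,from="..."`) that authorized_keys allows in front of a key. The key bytes, user names and option values are constructed filler, not real keys.

```python
"""Parse and build OpenSSH public-key lines (the format of id_rsa.pub and of
each line in the server's ~/.ssh/authorized_keys).  Added example; the key
material below is constructed filler, not a real key."""
import base64
import hashlib
import struct

# Key types accepted in the first column; any other first token is treated as
# an authorized_keys option prefix such as no-port-forwarding or from="...".
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def ssh_string(data):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n):
    """RFC 4251 'mpint' for a non-negative integer: big-endian, with a leading
    0x00 when the high bit is set so the value is not read as negative."""
    if n == 0:
        return b""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def _read_string(blob, off):
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + length], off + length


def build_authorized_key(key_type, fields, comment=""):
    """Encode key_type plus its raw fields into one 'type base64 comment' line."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    line = key_type + " " + base64.b64encode(blob).decode()
    return line + " " + comment if comment else line


def parse_authorized_key(line):
    """Return (options, key_type, fields, comment) for one public-key line.
    The base64 blob must begin with the same type string as the first column;
    a mismatch means the line was hand-edited or corrupted."""
    parts = line.strip().split(None, 1)
    options = ""
    if len(parts) == 2 and parts[0] not in KEY_TYPES:   # option prefix (no spaces)
        options, parts = parts[0], parts[1].split(None, 1)
    if len(parts) < 2:
        raise ValueError("not a public-key line")
    key_type, rest = parts
    b64, _, comment = rest.partition(" ")
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type column disagrees with encoded blob")
    fields = []
    while off < len(blob):
        field, off = _read_string(blob, off)
        fields.append(field)
    return options, key_type, fields, comment.strip()


def fingerprint(line):
    """The value `ssh-keygen -lf` prints: SHA256 over the raw blob, base64
    without padding, prefixed with 'SHA256:'."""
    _, key_type, fields, _ = parse_authorized_key(line)
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


if __name__ == "__main__":
    # Constructed sample: 32 filler bytes standing in for an Ed25519 public key.
    sample = build_authorized_key("ssh-ed25519", [bytes(range(32))],
                                  "folatt@laptop-2024-01-01")
    print(sample)
    print(parse_authorized_key('from="10.0.0.0/8" ' + sample))
    print(fingerprint(sample))
```

The same line text is what ssh-copy-id appends on the server, so comparing `fingerprint()` of the client's id_rsa.pub with the fingerprints of the lines in each account's authorized_keys is a quick way to confirm which accounts will accept the key.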