parent 3f93f5c5e4
commit 967947b6da
@ -3,7 +3,7 @@
|
|||||||
### Generate
|
### Generate
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --full-gen-key
|
gpg --full-gen-key
|
||||||
```
|
```
|
||||||
|
|
||||||
### Basic usage
|
### Basic usage
|
||||||
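Review bot: with the `$` prompt removed from `gpg --full-gen-key`, the block is still fenced as `console`, a fence that signals a prompted terminal session. Since every command in this commit loses its prompt, switch these fences to `sh` or `bash` so the fence matches the content.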
@ -11,86 +11,86 @@ $ gpg --full-gen-key
|
|||||||
Signature sig mode:
|
Signature sig mode:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --detach-sign file.ext
|
gpg --detach-sign file.ext
|
||||||
```
|
```
|
||||||
|
|
||||||
Signature asc mode:
|
Signature asc mode:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --armor --sign file.ext
|
gpg --armor --sign file.ext
|
||||||
```
|
```
|
||||||
|
|
||||||
Verify:
|
Verify:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --verify file.sig
|
gpg --verify file.sig
|
||||||
```
|
```
|
||||||
|
|
||||||
### My user-id
|
### My user-id
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg -K
|
gpg -K
|
||||||
```
|
```
|
||||||
|
|
||||||
### All users-ids
|
### All users-ids
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg -k
|
gpg -k
|
||||||
```
|
```
|
||||||
|
|
||||||
### Copy Public Key
|
### Copy Public Key
|
||||||
|
|
||||||
```console
|
```console
|
||||||
gpg --export --armor $(gpg -K --with-colons --keyid-format SHORT | awk -F: '/^pub:/ { print $5 }') | xclip -sel clip
|
gpg --export --armor $(gpg -K --with-colons | awk -F: '/^sec/ { getline; print $10; exit }')
|
||||||
```
|
```
|
||||||
|
|
||||||
### Copy Private key (Caution)
|
### Copy Private key (Caution)
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --export-secret-keys -a <user-id> | xclip -sel clip
|
gpg --export-secret-keys -a <user-id> | xclip -sel clip
|
||||||
```
|
```
|
||||||
|
|
||||||
### Change password gpg
|
### Change password gpg
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --edit-key <user-id>
|
gpg --edit-key <user-id>
|
||||||
passwd
|
passwd
|
||||||
```
|
```
|
||||||
|
|
||||||
### Debug gpg
|
### Debug gpg
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ dirmngr --debug-level guru
|
dirmngr --debug-level guru
|
||||||
```
|
```
|
||||||
|
|
||||||
### Import key:
|
### Import key:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --recv-keys $esefingerprint
|
gpg --recv-keys $esefingerprint
|
||||||
```
|
```
|
||||||
|
|
||||||
### Import key from server:
|
### Import key from server:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --recv-keys <user-id> --keyserver pgp.mit.edu
|
gpg --recv-keys <user-id> --keyserver pgp.mit.edu
|
||||||
```
|
```
|
||||||
|
|
||||||
### Export key 0:
|
### Export key 0:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --export --armor <user-id> > public.key
|
gpg --export --armor <user-id> > public.key
|
||||||
```
|
```
|
||||||
|
|
||||||
### Export key 1:
|
### Export key 1:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --armor --output public.key --export <user-id>
|
gpg --armor --output public.key --export <user-id>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Export key to server
|
### Export key to server
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --keyserver pgp.mit.edu --send-keys <user-id>
|
gpg --keyserver pgp.mit.edu --send-keys <user-id>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Cifrado
|
## Cifrado
|
||||||
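Review bot: in Copy Public Key the new command drops the `| xclip -sel clip` stage, so it prints the armored key to stdout and no longer copies anything, while the heading and the Copy Private key block below it still describe a clipboard copy; either restore the pipe or rename the section. The awk program `/^sec/ { getline; print $10; exit }` also assumes the record right after `sec` is the `fpr` line and stops at the first secret key, so on a keyring with several secret keys it silently picks one; matching `/^fpr/` explicitly and quoting the `$(...)` substitution would make that assumption visible. Separately, under Change password gpg, `passwd` is entered at the interactive prompt of `gpg --edit-key`, and with the `$` gone the two lines now read as two shell commands; a comment or a `gpg>` prefix would keep the distinction.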
@ -98,32 +98,32 @@ $ gpg --keyserver pgp.mit.edu --send-keys <user-id>
|
|||||||
#### Cifrar
|
#### Cifrar
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --symmetric <miarchivo>
|
gpg --symmetric <miarchivo>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Descifrado
|
#### Descifrado
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --output <archivo.ext> --decrypt <archivo.gpg>
|
gpg --output <archivo.ext> --decrypt <archivo.gpg>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Cifrado Asimétrico
|
### Cifrado Asimétrico
|
||||||
#### Encryt
|
#### Encryt
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --recipient <user-id> --encrypt archivo.ext
|
gpg --recipient <user-id> --encrypt archivo.ext
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Decrypt
|
#### Decrypt
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --output archivo.ext --decrypt archivo.ext.gpg
|
gpg --output archivo.ext --decrypt archivo.ext.gpg
|
||||||
```
|
```
|
||||||
|
|
||||||
## Refresh keys
|
## Refresh keys
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ gpg --refresh-keys
|
gpg --refresh-keys
|
||||||
```
|
```
|
||||||
|
|
||||||
### wiki
|
### wiki
|
||||||
|
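Review bot: the heading `#### Encryt` under Cifrado Asimétrico is misspelled (Encrypt), and this section mixes Spanish headings (Cifrar, Descifrado) with English ones (Encryt, Decrypt). Since these blocks are being touched anyway, fix the typo and settle on one language for the headings.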
@ -3,13 +3,18 @@
|
|||||||
### Generate SSH key pair
|
### Generate SSH key pair
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
|
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "lupin@example.com"
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Hardware Key
|
||||||
|
```console
|
||||||
|
ssh-keygen -o -a 100 -t ed25519-sk -f ~/.ssh/id_ed25519 -C "lupin@example.com"
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Change private key permissions
|
#### Change private key permissions
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ chmod 600 ~/.ssh/id_ed25519
|
chmod 600 ~/.ssh/id_ed25519
|
||||||
```
|
```
|
||||||
|
|
||||||
### Client usage
|
### Client usage
|
||||||
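Review bot: the new Hardware Key command reuses `-f ~/.ssh/id_ed25519`, the same path as the software key generated just above it, so following both steps makes ssh-keygen ask to overwrite the first key pair. Give the `ed25519-sk` key its own file, for example `-f ~/.ssh/id_ed25519_sk` (ssh-keygen's default name for this key type), and extend the `chmod 600` step to cover it.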
@ -17,7 +22,7 @@ $ chmod 600 ~/.ssh/id_ed25519
|
|||||||
To connect to a server, run:
|
To connect to a server, run:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ ssh -p port user@server-address
|
ssh -p port user@server-address
|
||||||
```
|
```
|
||||||
|
|
||||||
`port` for default is `22`
|
`port` for default is `22`
|
||||||
@ -25,11 +30,11 @@ $ ssh -p port user@server-address
|
|||||||
#### Copy SSH key
|
#### Copy SSH key
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ doas pacman -S xclip
|
doas pacman -S xclip
|
||||||
```
|
```
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ xclip -sel clip < ~/.ssh/id_ed25519.pub
|
xclip -sel clip < ~/.ssh/id_ed25519.pub
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Configuration
|
#### Configuration
|
||||||
@ -37,7 +42,7 @@ $ xclip -sel clip < ~/.ssh/id_ed25519.pub
|
|||||||
The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example:
|
The client can be configured to store common options and hosts. All options can be declared globally or restricted to specific hosts. For example:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ nano -w ~/.ssh/config
|
nano -w ~/.ssh/config
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
@ -53,11 +58,11 @@ Host myserver
|
|||||||
With such a configuration, the following commands are equivalent
|
With such a configuration, the following commands are equivalent
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ ssh -p port user@server-address
|
ssh -p port user@server-address
|
||||||
```
|
```
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ ssh myserver
|
ssh myserver
|
||||||
```
|
```
|
||||||
|
|
||||||
### Server usage
|
### Server usage
|
||||||
@ -87,7 +92,7 @@ Banner /etc/issue
|
|||||||
### Copy public key to server
|
### Copy public key to server
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ ssh-copy-id -i ~/.ssh/mykey.pub user@host
|
ssh-copy-id -i ~/.ssh/mykey.pub user@host
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Securing the authorized_keys file
|
#### Securing the authorized_keys file
|
||||||
@ -97,5 +102,5 @@ For additional protection, you can prevent users from adding new public keys and
|
|||||||
In the server, make the authorized_keys file read-only for the user and deny all other permissions:
|
In the server, make the authorized_keys file read-only for the user and deny all other permissions:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ chmod 400 ~/.ssh/authorized_keys
|
chmod 400 ~/.ssh/authorized_keys
|
||||||
```
|
```
|
||||||
|