====== OpenLab spring 2015/02 | Key generating/eating party ======

  * Date: 27. 2. 2015
  * Workshop by: Martin Ukrop, Vladimír Štill
  * Cake: {{:public:openlab:spring2015:cake.jpg?linkonly|evidence here}}
  * Cake by: Vlasta Žáková

Introduction to SSH keys and SSH authentication.

===== Useful commands =====

See manual pages for usage details.

  * ssh (create SSH connection)
  * ssh-keygen (generate SSH keypair, interactive)
  * ssh-copy-id <machine> (copy local identity to server to enable key authentication)
  * ssh-add (add key to agent)

===== Configuration file =====

  Host aisa
    Hostname aisa.fi.muni.cz
    ForwardAgent yes
    Username xukrop
    VisualHostKey yes
  
  Host nymfe*
    ForwardAgent yes
    Hostname %h.fi.muni.cz
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh xstill@aisa.fi.muni.cz nc %h %p
  
  # defaults should be at the end
  # security hardening
  Host *
    User xstill
    PreferredAuthentications publickey
    ForwardAgent no
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes

===== Miscellaneous =====

FI known hosts (SSH keys for all machines)
https://fadmin.fi.muni.cz/noauth/sshkh/ssh-known-hosts.mpl

**Beware!** Forwarding your agent to the server may enable the server administrators to steal your agent and authenticate as yourself.