SSH

SSH configuration

creating keys:

ssh-keygen -t ed25519 # or retrieve id_ed25519 and id_ed25519.pub and place in $HOME/.ssh/
cat ~/.ssh/id_ed25519.pub # add to github if not there already

to get from 1password:

# needs to be authenticated! `op account add` + `eval $(op signin)`
# umask 077 in a subshell so the private key file is never created world-readable
(umask 077 && \
op read "op://Personal/<1p_item_title>/private_key" | tr -dc '[:alnum:]+/=\n -' > ~/.ssh/id_ed25519) && \
op read "op://Personal/<1p_item_title>/public_key" | tr -dc '[:alnum:]+/=\n -' > ~/.ssh/id_ed25519.pub

getting authorized_keys and fixing any permissions:

# -f: stop on an HTTP error instead of saving the error page as authorized_keys
curl -fsS -o ~/.ssh/authorized_keys --create-dirs https://github.com/nataliafonseca.keys && \
(printf '* '; cat ~/.ssh/id_ed25519.pub) > ~/.ssh/allowed_signers && \
sudo chown -R "$USER:$USER" ~/.ssh && \
sudo chmod 700 ~/.ssh && \
sudo chmod 600 ~/.ssh/authorized_keys && \
sudo chmod 600 ~/.ssh/allowed_signers && \
sudo chmod 600 ~/.ssh/id_ed25519 && \
sudo chmod 644 ~/.ssh/id_ed25519.pub

adding key to agent:

eval "$(ssh-agent -s)"
ssh-add

enabling ssh server:

sudo sed -i '/^#\?PasswordAuthentication/c\PasswordAuthentication no' /etc/ssh/sshd_config && \
sudo systemctl restart sshd && \
sudo systemctl enable --now sshd
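
checking that the sed edit actually wins: sshd keeps the first value it reads for a keyword, so an Include line above the edited PasswordAuthentication line can still leave password logins on. The script below is an added example, not part of the original notes; the function names, the temp directory and the drop-in file name are constructed for illustration, and it resolves relative Include paths against the config file's directory so it can run on sample files (sshd itself uses /etc/ssh).

```shell
#!/bin/sh
# Added example (not from the original notes). sshd keeps the FIRST value it
# reads for a keyword, and an Include is read at the line where it appears.

# Print the first global PasswordAuthentication value reachable from config
# file $1; return 1 if none is set. The ( ) body keeps variables local.
# Assumptions: one pattern per Include line, no spaces in paths, relative
# Include paths resolved against $2 (default: the directory of $1).
first_password_auth() (
    file=$1
    dir=${2:-$(dirname "$file")}
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        read -r key val <<EOF
$(printf '%s' "$line" | tr '=' ' ')
EOF
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            match) return 1 ;;                    # Match blocks are skipped, not evaluated
            passwordauthentication)
                printf '%s\n' "$val" | tr '[:upper:]' '[:lower:]'
                return 0 ;;
            include)
                pat=$val
                case $pat in /*) ;; *) pat=$dir/$pat ;; esac
                for inc in $pat; do               # unquoted so the glob expands, sorted
                    if first_password_auth "$inc" "$dir"; then return 0; fi
                done ;;
        esac
    done < "$file"
    return 1
)

# sshd's built-in default for PasswordAuthentication is "yes".
effective_password_auth() {
    first_password_auth "$1" || echo yes
}

# Constructed sample: the main file says "no" (what the sed command writes),
# but a drop-in included above that line says "yes".
demo=$(mktemp -d)
mkdir "$demo/sshd_config.d"
printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$demo/sshd_config"
printf 'PasswordAuthentication yes\n' > "$demo/sshd_config.d/50-constructed.conf"
echo "effective PasswordAuthentication: $(effective_password_auth "$demo/sshd_config")"
```

on a live host, `sudo sshd -T | grep -i passwordauthentication` prints the value the installed sshd resolves.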