Update docs & examples on SSH Private Key (PK) generation

2019-02-15 18:48:16 -07:00
parent a08648a8dc
commit 1ca1128df6
3 changed files with 46 additions and 19 deletions
--- a/misc/config_template.in.hjson
+++ b/misc/config_template.in.hjson
@@ -110,10 +110,26 @@
            port: XXXXX

            //
-            //  To enable SSH:
-            //  1) Generate a Private Key (PK):
-            //  > openssl genrsa -des3 -out ./config/ssh_private_key.pem 2048
-            //  2) Set "privateKeyPass" below
+            //  To enable SSH, perform the following steps:
+            //
+            //  1 - Generate a Private Key (PK):
+            //  Currently ENiGMA 1/2 requires a PKCS#1 PEM formatted PK.
+            //  To generate a secure PK, issue the following command:
+            //
+            //  > openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
+            //      -pkeyopt rsa_keygen_pubexp:65537 | openssl rsa \
+            //      -out ./config/ssh_private_key.pem -aes128
+            //
+            //  (The above is a more modern equivelant of the following):
+            //  > openssl genrsa -aes128 -out ./config/ssh_private_key.pem 2048
+            //
+            //  2 - Set 'privateKeyPass' to the password you used in step #1
+            //
+            //  3 - Finally, set 'enabled' to 'true'
+            //
+            //  Additional reading:
+            //  - https://blog.sleeplessbeastie.eu/2017/12/28/how-to-generate-private-key/
+            //  - https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b
            //
            enabled: XXXXX