author: elijah <elijah@riseup.net> 2016-03-04 12:32:11 -0800
committer: elijah <elijah@riseup.net> 2016-03-04 12:32:11 -0800
commit: 479dd784cec6f423feadd1cbc910105c4cd73636
tree: 19ab1e920901ee1d228d9cf805e6fbcdf4da098d /pages/docs/platform/guide
parent: 55565bd556790014649df80c66c49f640e9d54ac
various minor edits.
Diffstat (limited to 'pages/docs/platform/guide')
-rw-r--r-- pages/docs/platform/guide/keys-and-certificates.md 18
1 files changed, 10 insertions, 8 deletions
diff --git a/pages/docs/platform/guide/keys-and-certificates.md b/pages/docs/platform/guide/keys-and-certificates.md
index e0fd314..092589d 100644
--- a/pages/docs/platform/guide/keys-and-certificates.md
+++ b/pages/docs/platform/guide/keys-and-certificates.md
@@ -4,7 +4,7 @@
Working with SSH
================================
-Whenever the `leap` command nees to push changes to a node or gather information from a node, it tunnels this command over SSH. Another way to put this: the security of your servers rests entirely on SSH. Because of this, it is important that you understand how `leap` uses SSH.
+Whenever the `leap` command needs to push changes to a node or gather information from a node, it tunnels this command over SSH. Another way to put this: the security of your servers rests entirely on SSH. Because of this, it is important that you understand how `leap` uses SSH.
SSH related files
-------------------------------
@@ -33,6 +33,15 @@ Specifically, for local nodes:
2. `leap` entirely skips the checking of host keys when connecting with a local node.
3. `leap` adds the public Vagrant SSH key to the list of SSH keys for a user. The public Vagrant SSH key is a shared and insecure key that has root access to most Vagrant virtual machines.
+To upgrade a SSH host key
+-------------------------------
+
+Most servers will have more than one SSH host key. Sometimes, the server will have a better SSH host key than the one you have on file. In order to upgrade to the better SSH host key, simply re-run the init command:
+
+ workstation$ leap node init NODE_NAME
+
+This will prompt you if you want to upgrade the SSH host key, but only if `leap` thinks that an upgrade is advisable.
+
When SSH host key changes
-------------------------------
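Review bot: The new "To upgrade a SSH host key" section asks the operator to answer an upgrade prompt without saying what makes one host key "better" than the one on file, or how to confirm that the offered key really belongs to the node. Since this page states that the security of the servers rests entirely on SSH, the paragraph after `workstation$ leap node init NODE_NAME` should state the criterion `leap` uses when it "thinks that an upgrade is advisable" and tell the reader to verify the offered key against one obtained from the node through a trusted channel before accepting. Minor: "a SSH" should read "an SSH", and a heading such as "Upgrading an SSH host key" would sit better beside "When SSH host key changes".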
@@ -86,13 +95,6 @@ Suppose you want to remove `userx` from having any further ssh access to the ser
X.509 Certificates
================================
-NOTE: the following files are extremely sensitive and must be carefully protected:
-
-* `files/ca/ca.key`
-* `files/<domain>.key` (where "domain" is the primary domain of the provider).
-
-These files must be kept private and you must not lose them. All the other key files can be regenerated if you lose them or if they are compromised.
-
Configuration options
-------------------------------------------
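Review bot: The NOTE removed from the top of "X.509 Certificates" is the only text in this hunk telling the operator that `files/ca/ca.key` and `files/<domain>.key` must be kept private and must not be lost, and nothing in this patch replaces it: the 10 insertions in the diffstat are all accounted for by the typo fix and the new host-key section. If the warning has moved to another page, link to it from this section; otherwise keep it, since these are the two keys the removed text singles out from those that "can be regenerated". Dropping security guidance also deserves its own mention in the commit message rather than being folded into "various minor edits".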