Adding how to upload keys yourself for your second machine

handbook/computing/keyexchange.html

@@ -43,13 +43,48 @@
   <li>Erm, dunno...please fill in</li>
 
   <h3>Android</h3>
-
-  <li>Erm, dunno...please fill in</li>
-
+	<ul>
+  <li>Install the <a href="https://play.google.com/store/apps/details?id=com.server.auditor.ssh.client&hl=en">Termius app</a>
+	which is a ssh client. The free version does ssh but not sFTP. Follow the <a href="https://docs.termius.com/">Termius documentation</a> and in-app help to generate a key pair and then use the same process to upload the public key to the expo server as for Linux machines, i.e. email it to an admin.
+	</li>
+	</ul>
   <h3>iOS</h3>
+	<ul>
+  <li>There is apparently a version of the <a href="https://play.google.com/store/apps/details?id=com.server.auditor.ssh.client&hl=en">Termius app</a>
+	for iPhones. Please try it out and document it here. 
+	</ul>
+	</li>
 
   <li>Erm, dunno...please fill in</li>
 
+<h2>Your second machine</h2>
+<p>OK, you have an uploaded and usable key and you can ssh into the expo server. Now you want to set up a key for another machine such as your phone. You don't need a nerd admin now, you can do this yorself.
+<ol>
+<li>On your new machine, generate a key-pair. Since you are probably using a different operating system on your second machine, read the instructions above for the relevant OS. Yes you will be generating a new key. Do not re-use the key you had already.
+<li>This time though, you will want to be sure that the key has a meaningful label. On Linux this means something like this:
+<tt> ssh-keygen -C "anathema.device@crowley"</tt>
+(if your name is Anathema Device and your new machine is "crowley"). Just click through the questions it asks accepting the defaults. It will tell you what the key files are called and where it has put them.
+<li>
+If you accepted the defaults, the public key will be called <span style="font-family:monospace; size=x-small; background-color: lightgray">id_rsa.pub</span> and it will be in <span style="font-family:monospace; size=x-small; background-color: lightgray">~/.ssh/</span> - check that this is the case.
+<li>Now copy the public key file to your <em>first machine</em>, the one that is already set up with a working key exchange with the expo server. Using email to yourself is easiest.
+<li>Rename the public key file to something that won't be confused with anyone else's key file, to e.g. <span style="font-family:monospace; size=x-small; background-color: lightgray">anathema-id_rsa.pub</span>
+<li>Now upload the public key using sFTP to <span style="font-family:monospace; size=x-small; background-color: lightgray">expo.survex.com/home/expo/.ssh/keys/</span>
+<li>Now login to the expo server on your first machine and do these commands:
+<tt><font color=red">$</font> ssh expo@expo.survex.com
+<br><font color=blue">expo@expo:~$</font> cd .ssh
+<br><font color=blue">expo@expo:~/.ssh$</font> cat keys/anathema-id_rsa.pub >>authorized_keys
+<br><font color=blue">expo@expo:~/.ssh$</font> ./list-keys.sh 
+<br><font color=blue">expo@expo:~/.ssh$</font> cat list-of-key-owners
+</tt> 
+This adds your key on to the end of the authorized keys list, runs a little script to extract the names of all the people who have added keys (24 keys as of Jan.2020) and prints out the list. You should see that the last line says:<br>
+<span style="font-family:monospace; size=x-small; background-color: lightgray">anathema.device@crowley</span>
+<li>Now your public key is installed for your second machine. You check that it works by logging into the expo server using ssh from your second machine.
+</p>
+<p>Note that by using sFTP like this we avoid having to use a text editor over ssh. If you know what you are doing you can do this of course, but the above process is less likely to cause problems for a Windows user setting up their phone as a second device where they are not experienced with vi or nano.
+
+
+
+</ol>
 <hr />
 
 <div id="menu">