You only need to do this if you need to do bulk updates of a lot of files to the server.
- Copying files from the server does not need this.
- Only people updating or rearranging files on the server need this, e.g.
As of the server move in spring 2019 you need authorisation on the expo server to log in to get 'programmer access'. (This is not the same as logging in to the website as 'expo', which you can do with just the password.) This takes the form of an ssh key. You generate a key-pair on the machine you use for access, then send the public half to the server. Once done, all serverlogins are automatic - no passwords needed.
'ssh' is 'secure shell' and is widely used for secure access to machines and services.
You will need to run ssh-keygen/PuTTYgen on your device, email the public key to someone who already has ssh access (Wookey, Paul Fox, Philip Sargent, Sam Wenham). Once installed by them you should be able to log in as 'expo' over ssh (and other software like git will also use this behind the scenes). This only needs doing once (for any machine you want access from).
Our own documentation for installing PuTTy on Windows.
Explanation of key-pairs and the ssh-keygen command.
A public key file looks like this: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApc9+PAMrDtWa8D8/Z..lots more like this..qmkW/cQ== wookey@kh
i.e. a long string of characters with 'ssh-rsa' at the start and an ID at the end (often 'user'@'machine').
On a Windows machine use puttygen, which is part of PuTTY. You need to install that if you don't already have it.
Follow the Puttygen instructions, but the really short version is:
$ sudo apt install openssh-client
.$ ssh-keygen
It may ask about passwords: you can add a password for extra
security, but a passwordless key is fine, and more convenient.This is an example of the whole interaction where the key file has been given a different name:
$ ssh-keygen -C "philip@muscogee-wsl"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/philip/.ssh/id_rsa): id_rsa_wsl
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_wsl.
Your public key has been saved in id_rsa_wsl.pub.
The key fingerprint is:
SHA256:ySs0YD5IG2ZD50+riUDHWosNq+WJdqpkDlINXh709r0 philip@muscogee-wsl
The key's randomart image is:
+---[RSA 2048]----+
| . o |
| ..+ . |
| oB+* + |
|.=O%.* + o |
|.+*o= = S . |
|.* o = . . . |
|=++.o . . E |
|B o . |
|oo |
+----[SHA256]-----+
$
Once the nerd has told you that the public key is loaded on the server, check that it has worked by logging in to the expo server like this:
$ ssh expo@expo.survex.com
You may get this response if the public key has not been loaded properly on the server or if your laptop has not loaded the secret key properly.
expo@expo.survex.com: Permission denied (publickey).
$ mv id_rsa_wsl* ~/.ssh
where id_rsa_wsl is the 'file in which to save the key' you specified above.
$ ssh-add -l
and if the process is not running, start it like this
$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_rsa_wsl
$ ssh-add -l
ssh-add -l checks that the key is loaded and the process is running. Now try to login again
with ssh expo@expo.survex.com.
If it still doesn't work, read OK, you have an uploaded and usable key and you can ssh into the expo server. If you want to connect from another machine (e.g. your phone) it's better to make another key than try to re-use the first one. You don't need a nerd admin now, you can do this yourself. But be extremely careful to follow this exactly. If you innocently rename the files to something that appears more sensible it won't work.
MacOS
Chromebook
Android
iOS
Your second machine
$ ssh-keygen -C "anathema.device@pulsifer"
(if your name is Anathema Device and your new machine is "pulsifer"). Just click through the questions it asks accepting the defaults. It will tell you what the key files are called and where it has put them.
Be extremely careful to type ">>" and not ">" in the fourth line below otherwise you will delete everyone's logins.
$ ssh expo@expo.survex.com
This adds your key on to the end of the authorized keys list and prints the last line - which should be your key that you just added.
expo@expo:~$ cd .ssh
expo@expo:~$ cp -p authorized_keys authorized_keys.backup
expo@expo:~/.ssh$ cat keys/id_rsa.pub >>authorized_keys
expo@expo:~/.ssh$ tail -n 1 authorized_keys
Note that by using sFTP like this we avoid having to use a text editor over ssh. If you know what you are doing you can do this of course, but the above process is less likely to cause problems for a Windows user setting up their phone as a second device where they are not experienced with vi or nano.