update README ssh notes

README.md

@@ -64,32 +64,42 @@ find . -type d -exec chmod 755 {} \;
 
 ## SSH Setup
 
+Generate a key (password protect it!)
+
 ```bash
-export REMOTE_USER=${USER}
-export REMOTE_HOST=something.com
-export REMOTE_PORT=22
-
-# The following is generated by the above variables. No tweaks necessary.
-export KEY_NAME=~/.ssh/id_${REMOTE_USER}_${REMOTE_HOST}
-export KEY_COMMENT="${USER}@${HOSTNAME}:${REMOTE_USER}@${REMOTE_HOST}"
-
 # Pick one of the below key types
 # ed25519
-ssh-keygen -C ${KEY_COMMENT} -f ${KEY_NAME} -t ed25519
+ssh-keygen -C ssh@ducoterra.net -t ed25519
 # rsa 4096
-ssh-keygen -C ${KEY_COMMENT} -f ${KEY_NAME} -t rsa -b 4096
+ssh-keygen -C ssh@ducoterra.net -t rsa -b 4096
 
-cat <<EOF >> ~/.ssh/config
+# Inspect a key
+ssh-keygen -l -f ~/.ssh/id_rsa
 
-Host ${REMOTE_HOST}
-    Hostname ${REMOTE_HOST}
-    IdentityFile ${KEY_NAME}
-    User ${REMOTE_USER}
-    Port ${REMOTE_PORT}
-EOF
+# Change the password
+ssh-keygen -p -f ~/.ssh/id_rsa
+```
 
+In your ~/.ssh/config, add the following line to set the default key
+
+```conf
+IdentityFile ~/.foo/identity
+```
+
+Then add a host to your local computer
+
+```bash
+Host <hostname>
+    Hostname <host.something.com or IP address>
+    User <remote user>
+    Port <remote port>
+```
+
+And copy the key to a remote computer
+
+```bash
 # Copy the generated key to the server using password auth. Assumes password auth enabled.
-ssh-copy-id -o PubkeyAuthentication=no -i ${KEY_NAME} ${REMOTE_USER}@${REMOTE_HOST}
+ssh-copy-id -f -i ~/.ssh/id_ed25519 ${REMOTE_USER}@${REMOTE_HOST}
 
 # Log into the server with your key
 ssh -i ${KEY_NAME} ${REMOTE_HOST}