Add instructions to use FIDO/U2F compatible SSH keys (#131)
Co-authored-by: Julia March <101819212+juliamrch@users.noreply.github.com>
davlgd and juliamrch committed Jan 22, 2024
1 parent 8a14aa7 commit 656c485
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions content/doc/account/ssh-keys-management.md
Expand Up @@ -21,11 +21,13 @@ You need to add a SSH key to your Clever Cloud's account to deploy via Git.
SSH keys are used to establish a secure connection between your computer and Clever Cloud. A user can have multiple SSH keys.

{{< callout type="warning">}}
Accounts cannot share the same SSH key. A SSH key is used to identify the actions made by a user and must be
associated with only one account.
If a key is used by more than one account, a warning will be displayed in the console.

Accounts cannot share the same SSH key. A SSH key is used to identify the actions made by a user and must be
associated with only one account. **If a key is used by more than one account, a warning will be displayed in the console**.

{{< /callout >}}


## How to add your SSH key on Clever Cloud?

{{% steps %}}
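
Review bot: in the rewritten warning callout, "A SSH key" should read "An SSH key" (the same applies to "add a SSH key" in the context line of the hunk header). The blank line added after `{{< /callout >}}` also leaves two consecutive blank lines before the `## How to add your SSH key on Clever Cloud?` heading; one is enough. Since the callout now bolds the sentence about the console warning, consider saying what the user should do when that warning appears, as the text only states that the key "must be associated with only one account".
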
Expand Down Expand Up @@ -69,6 +71,25 @@ The key fingerprint is:

{{% /steps %}}

## Add a FIDO/U2F SSH key

Since [OpenSSH 8.2](https://www.openssh.com/txt/release-8.2 ), generated keys can require a security device compatible with the FIDO/U2F standards (such as Nitrokeys, Solokeys or Yubikeys) to complete the authentication process. To generate such key, plug the device to your machine and enter this command:

```bash
ssh-keygen -t ed25519-sk -C "your_email@youremail.com"
```

Under macOS, you may need to install [Homebrew](https://brew.sh/), an OpenSSH version including full FIDO/U2F support, and use [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) key format:

```bash
brew install openssh
ssh-keygen -t ecdsa-sk -C "your_email@youremail.com"
```

{{< callout type="info" >}}
You can use options related to security devices adding them with the `-O` argument (for example `-O resident`). They're detailed [here](https://man.openbsd.org/ssh-keygen#FIDO_AUTHENTICATOR).
{{< /callout >}}

## Checking of existing SSH keys

### GitHub account and SSH key on Clever Cloud
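
Review bot: the macOS paragraph in the new FIDO/U2F section reads as if Homebrew were itself "an OpenSSH version including full FIDO/U2F support"; reword it along the lines of "install an OpenSSH version with full FIDO/U2F support through Homebrew" and state why `ecdsa-sk` is used there instead of the `ed25519-sk` type shown just above, so readers know which command applies to them. The OpenSSH release link in the first paragraph has a space before the closing parenthesis, `(https://www.openssh.com/txt/release-8.2 )`, which can break the link in some Markdown renderers. Minor wording: "To generate such a key, plug the device into your machine", and the "here" link in the info callout would be clearer with descriptive link text such as the name of the man page section.
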