Creating a custom SSH keypair

Specifically, some SSH keys used on NFSN have stopped working. The problem seems to be because of a recent change in OpenSSH that invalidates certain (weaker) RSA keys.

NFSN recommends using Ed25519 keys instead for better security and performance. DeployHQ doesn’t generate these by default so this note documents how to use a custom keypair.

Assumes you have ssh-keygen and, optionally, pbcopy.

Generate a new keypair

On your local machine:

ssh-keygen -t ed25519

You could provide more options but I stop there and follow the prompts, which will guide you through naming and saving your keypair. I believe you have to leave the passphrase blank for this to work with DeployHQ but I don’t know for sure.

Add the public key to your NFSN profile

You can quickly copy your public key thusly:

pbcopy < ~/path/to/keyname.pub

See NFSN’s member FAQs regarding public keys.

Add the private key to DeployHQ

Navigate to the server config in your project and choose the option to upload a custom key. See DeployHQ’s documentation if needed. You can quickly copy your private key with:

pbcopy < ~/path/to/keyname

Note: you may need to click the link that resets the “host key.”

Add the public key to your GitHub repo or account

On the previous step, DeployHQ will warn you that your custom key will also be used to authenticate with your repo. So you will need to go to your repo’s setting and add the new public key there. Or, if you plan to be using this key for multiple repos, add the public key to your account settings.


date: Sunday, September 19, 2021

time: 1:15 PM

tagged: #reference #dev

published: https://blakewatson.com/notes/7b49e327