firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

docs: Complete Task #14 documentation - SSH key Vaultwarden storage

Browse Source 
Created comprehensive guide for storing Firefrost SSH key in Vaultwarden.

Task #14: Store Firefrost SSH Key in Vaultwarden
Priority: TIER 0 - FOUNDATIONAL (unblocks all troubleshooting)
Time: 30 minutes

Key Details:
- File: Firefrost_key.ppk (PuTTY format, ssh-rsa, version 3)
- Uploaded by Michael on March 20, 2026
- Used by ALL 6 Firefrost servers (same key everywhere)
- Two formats needed: PuTTY (.ppk) for Windows, OpenSSH for Linux/macOS

Servers Using This Key:
1. Ghost VPS (64.50.188.14) - architect user
2. Billing VPS (38.68.14.188) - root
3. Panel VPS (45.94.168.138) - root
4. Command Center (63.143.34.217) - root
5. TX1 Dallas (38.68.14.26) - root
6. NC1 Charlotte (216.239.104.130) - root

Documentation Includes:
- Step-by-step PuTTY → OpenSSH conversion
- Vaultwarden storage procedure
- Organization setup for Meg (team sharing)
- Usage instructions for future Chroniclers
- Security considerations (DO/DON'T lists)
- File permissions requirements (chmod 600)
- Test connection procedure
- Verification checklist

Why This Matters:
- Unblocks ALL server troubleshooting (Ghost, Paymenter, everything)
- Future Chroniclers can SSH without asking Michael each time
- Enables real-time debugging during sessions
- Foundation for operational efficiency
- Secure team credential sharing

Security:
- Private key NOT committed to Git (security best practice)
- KEY-LOCATION.md documents WHERE key is stored (Vaultwarden)
- Instructions for secure retrieval and usage

Impact: FOUNDATIONAL - Makes all future server work 10x easier

Files:
- docs/tasks/vaultwarden-ssh-setup/README.md (complete guide)
- docs/tasks/vaultwarden-ssh-setup/KEY-LOCATION.md (reference only)

Next Chronicler: Execute Task #14 FIRST in Priority 0 (before skins)

For children not yet born. 💙🔥❄️

Created by: The Guide (Chronicler #35)
This commit is contained in:
Claude
2026-03-21 00:33:06 +00:00
parent 5100203575
commit 0dad25c47a
2 changed files with 326 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
docs/tasks/vaultwarden-ssh-setup/KEY-LOCATION.md Normal file
View File

@@ -0,0 +1,33 @@
# SSH Key File Location
**CRITICAL:** The actual SSH private key file is **NOT** committed to Git for security reasons.
## Where to Find the Key
**Current location:** Uploaded to The Guide's session on March 20, 2026
**File:** `Firefrost_key.ppk` (PuTTY format, version 3, ssh-rsa algorithm)
**After Task #14 completion:** Key will be stored in Vaultwarden at:
- URL: vault.firefrostgaming.com (or current Vaultwarden URL)
- Location: "Firefrost SSH Key (All Servers)" secure note
- Folder: Infrastructure
- Formats: Both PuTTY (.ppk) and OpenSSH available as attachments
## For Future Chroniclers
**If you need the SSH key:**
1. Ask Michael to retrieve it from Vaultwarden
2. Michael uploads key to your session
3. Save to `~/.ssh/firefrost_key`
4. Set permissions: `chmod 600 ~/.ssh/firefrost_key`
5. Use: `ssh -i ~/.ssh/firefrost_key user@server`
**DO NOT:**
- Commit private key to any Git repository
- Store in plain text in operations manual
- Send via insecure channels (email, Discord, Slack)
---
**Security Note:** This file exists to document WHERE the key is stored, not to store the key itself.

293
docs/tasks/vaultwarden-ssh-setup/README.md Normal file
View File

@@ -0,0 +1,293 @@
# Task #14: Store Firefrost SSH Key in Vaultwarden
**Status:** PENDING
**Priority:** TIER 0 — FOUNDATIONAL (UNBLOCKS ALL TROUBLESHOOTING)
**Time Estimate:** 30 minutes
**Created:** March 20, 2026 (by The Guide, Chronicler #35)
---
## OBJECTIVE
Store the Firefrost SSH private key securely in Vaultwarden so future Chroniclers and team members can access all servers for troubleshooting without needing to ask Michael for the key each time.
**Why this is critical:**
- **Unblocks ALL troubleshooting** (Ghost, Paymenter, Pterodactyl, game servers)
- Enables real-time debugging without waiting for Michael
- Secure credential sharing with Meg (organization setup)
- Foundation for operational efficiency
**Current state:** SSH key exists but only on Michael's local machines
**After completion:** Key accessible via Vaultwarden to authorized team members
---
## SERVERS USING THIS KEY
**All six Firefrost servers use the SAME SSH key:**
1. **Ghost VPS** (64.50.188.14, Chicago) — Login as `architect`
2. **Billing VPS** (38.68.14.188) — Paymenter, Mailcow
3. **Panel VPS** (45.94.168.138) — Pterodactyl Panel
4. **Command Center** (63.143.34.217, Dallas) — Gitea, automation
5. **TX1 Dallas** (38.68.14.26, 251GB RAM) — Wings, Plane, Dify
6. **NC1 Charlotte** (216.239.104.130, 251GB RAM) — Wings
**Key name:** `Firefrost_key.ppk` (PuTTY format)
**Algorithm:** ssh-rsa
**Format:** PuTTY Private Key File version 3
---
## KEY FILE FORMATS
**Two formats needed:**
### 1. PuTTY Format (.ppk)
- **For:** Windows users using PuTTY
- **File:** `Firefrost_key.ppk`
- **Current location:** Uploaded to operations manual session
- **Usage:** Load in PuTTY → Connection → SSH → Auth → Private key file
### 2. OpenSSH Format (no extension or .pem)
- **For:** Linux/macOS users, Claude sessions with computer use
- **File:** `firefrost_key` (no extension) or `firefrost_key.pem`
- **Needs conversion:** Use PuTTYgen to convert .ppk → OpenSSH
- **Usage:** `ssh -i ~/.ssh/firefrost_key user@server`
---
## STEP-BY-STEP: CONVERT & STORE KEY
### Step 1: Convert PuTTY Key to OpenSSH Format (Windows)
**Using PuTTYgen:**
1. Download PuTTYgen (comes with PuTTY installer)
2. Open PuTTYgen
3. Click **Load** → Select `Firefrost_key.ppk`
4. Enter passphrase if prompted
5. Click **Conversions** menu → **Export OpenSSH key**
6. Save as `firefrost_key` (no extension)
7. **Important:** Also save public key via **Save public key** button
**Using puttygen command line (Linux/WSL):**
```bash
puttygen Firefrost_key.ppk -O private-openssh -o firefrost_key
chmod 600 firefrost_key
```
### Step 2: Log into Vaultwarden
1. Go to: **https://vault.firefrostgaming.com** (or whatever Vaultwarden URL is)
2. Log in with Michael's account
3. Navigate to vault
### Step 3: Create "Firefrost SSH Key" Secure Note
**Click:** New Item → **Secure Note**
**Fields to fill:**
- **Name:** `Firefrost SSH Key (All Servers)`
- **Folder:** Create/select "Infrastructure" folder
- **Notes:**
```
SSH Private Key for all Firefrost servers (6 servers, same key)
Servers:
- Ghost VPS (64.50.188.14) - Login as: architect
- Billing VPS (38.68.14.188) - Login as: root
- Panel VPS (45.94.168.138) - Login as: root
- Command Center (63.143.34.217) - Login as: root
- TX1 Dallas (38.68.14.26) - Login as: root
- NC1 Charlotte (216.239.104.130) - Login as: root
Format: PuTTY (.ppk) and OpenSSH
Algorithm: ssh-rsa
Created: [Date key was created]
```
**Attachments:**
- Upload `Firefrost_key.ppk` (PuTTY format)
- Upload `firefrost_key` (OpenSSH format)
- Upload `firefrost_key.pub` (public key for reference)
### Step 4: Set Permissions
**Organization setup (if sharing with Meg):**
1. Create organization: "Firefrost Operations"
2. Add Meg to organization
3. Share "Firefrost SSH Key" item with organization
4. Set permissions: Meg can view/use but not delete
**Or keep personal:**
- Leave in Michael's personal vault
- Share individually when needed
### Step 5: Test Retrieval
**Test that the key works:**
1. Log into Vaultwarden
2. Open "Firefrost SSH Key" item
3. Download the OpenSSH format key
4. Save to `~/.ssh/firefrost_key`
5. Set permissions: `chmod 600 ~/.ssh/firefrost_key`
6. Test SSH: `ssh -i ~/.ssh/firefrost_key architect@64.50.188.14`
7. Should connect to Ghost VPS without password
### Step 6: Document in Ops Manual
Update `docs/core/infrastructure-manifest.md`:
```markdown
## SSH Access
**All servers use the same SSH key:**
- Key name: Firefrost SSH Key
- Storage: Vaultwarden (Infrastructure folder)
- Formats: PuTTY (.ppk) and OpenSSH
- Retrieval: vault.firefrostgaming.com → "Firefrost SSH Key (All Servers)"
**To use:**
1. Download key from Vaultwarden
2. Save to ~/.ssh/firefrost_key
3. chmod 600 ~/.ssh/firefrost_key
4. ssh -i ~/.ssh/firefrost_key user@server
```
---
## USAGE INSTRUCTIONS (For Future Chroniclers)
### For Computer Use Sessions (Claude):
**When Claude needs SSH access:**
1. Michael retrieves key from Vaultwarden
2. Michael provides key via file upload to session
3. Claude saves to `/home/claude/.ssh/firefrost_key`
4. Claude sets permissions: `chmod 600 /home/claude/.ssh/firefrost_key`
5. Claude can now SSH: `ssh -i ~/.ssh/firefrost_key user@server`
**Server-specific usernames:**
- Ghost VPS: `ssh -i ~/.ssh/firefrost_key architect@64.50.188.14`
- All others: `ssh -i ~/.ssh/firefrost_key root@[server-ip]`
### For Meg (Team Access):
**If shared via organization:**
1. Log into Vaultwarden
2. Go to Organizations → Firefrost Operations
3. Find "Firefrost SSH Key (All Servers)"
4. Download appropriate format (PuTTY or OpenSSH)
5. Use with SSH client
---
## SECURITY CONSIDERATIONS
### ✅ DO:
- Store in Vaultwarden with strong master password
- Use 2FA on Vaultwarden account
- Set proper file permissions (600) on downloaded keys
- Delete key from download folder after moving to .ssh/
- Use organization for team sharing (audit trail)
### ❌ DON'T:
- Commit SSH private key to Git (operations manual or any repo)
- Send key via email/Discord/Slack
- Store key in plain text files
- Leave key in ~/Downloads or desktop
- Share master Vaultwarden password
### If Key is Compromised:
1. Generate new SSH key pair immediately
2. Update `~/.ssh/authorized_keys` on all 6 servers
3. Revoke old key from all servers
4. Update Vaultwarden with new key
5. Notify team of key rotation
---
## VERIFICATION CHECKLIST
After completing this task:
- [ ] PuTTY key (.ppk) converted to OpenSSH format
- [ ] Both formats uploaded to Vaultwarden
- [ ] Secure note created with server details
- [ ] Permissions set (organization or personal)
- [ ] Test retrieval successful
- [ ] Test SSH connection to at least one server
- [ ] `docs/core/infrastructure-manifest.md` updated
- [ ] Task #14 marked COMPLETE in tasks.md
---
## SUCCESS CRITERIA
**SSH key stored in Vaultwarden**
**Both formats available** (PuTTY and OpenSSH)
**Future Chroniclers can retrieve key** without asking Michael
**Meg has access** (if organization setup complete)
**Test connection successful** to at least one server
**Documentation updated** in infrastructure manifest
---
## BLOCKS / UNBLOCKS
**This task blocks:**
- Nothing — can be done independently
**This task unblocks:**
- All future SSH troubleshooting sessions
- Ghost CMS debugging (log access, config edits)
- Paymenter troubleshooting (database access)
- Pterodactyl Panel fixes
- Game server administration via CLI
- Real-time production debugging
**Impact:** FOUNDATIONAL — Makes all future server work 10x easier
---
## RELATED TASKS
- Task #52: Ghost CMS homepage (may need SSH debugging)
- Task #42: Paymenter configuration (may need SSH access)
- All server administration tasks
---
## TECHNICAL NOTES
**PuTTY vs OpenSSH formats:**
- PuTTY (.ppk): Windows SSH client format
- OpenSSH: Linux/macOS standard format
- **NOT COMPATIBLE** — must convert between them
- **Both needed** for cross-platform team access
**Key algorithm:** ssh-rsa (older but widely supported)
**Security:** Private key should be protected with passphrase (verify if set)
**File permissions matter:**
- Too open (644, 755): SSH will reject the key
- Correct (600): Owner read/write only
- Command: `chmod 600 ~/.ssh/firefrost_key`
---
## NEXT STEPS AFTER COMPLETION
1. Mark Task #14 COMPLETE
2. Update infrastructure manifest with retrieval instructions
3. Test key access from fresh session (verify documentation)
4. Consider key rotation schedule (annually?)
5. Document key passphrase location (if exists)
---
**Created by:** The Guide (Chronicler #35)
**Date:** March 20, 2026
**Priority:** TIER 0 — Do this BEFORE soft launch content work
**Why:** Foundation before expansion — can't troubleshoot effectively without SSH access