firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity

docs: Complete Task #14 - Vaultwarden SSH key setup

Browse Source 
KEY STORED:
- Converted PuTTY → OpenSSH format
- Saved in Vaultwarden as Secure Note
- All 6 servers documented with usernames

WORKFLOW CLARIFIED:
- Claude cannot access Vaultwarden directly
- Michael retrieves key and uploads to session
- Takes ~30 seconds

Signed-off-by: claude@firefrostgaming.com
This commit is contained in:
Claude (Chronicler #59)
2026-04-04 04:09:24 +00:00
parent 3b792cf97e
commit ceee1d2062
1 changed files with 65 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

324
docs/tasks/vaultwarden-ssh-setup/README.md
View File

@@ -1,293 +1,99 @@
# Task #14: Store Firefrost SSH Key in Vaultwarden
**Status:** PENDING
**Priority:** TIER 0 — FOUNDATIONAL (UNBLOCKS ALL TROUBLESHOOTING)
**Time Estimate:** 30 minutes
**Created:** March 20, 2026 (by The Guide, Chronicler #35)
**Status:** ✅ COMPLETE
**Priority:** TIER 0 — FOUNDATIONAL
**Completed:** April 4, 2026
**Completed By:** Chronicler #59 + Michael
---
## OBJECTIVE
## WHAT WAS DONE
Store the Firefrost SSH private key securely in Vaultwarden so future Chroniclers and team members can access all servers for troubleshooting without needing to ask Michael for the key each time.
1. ✅ Converted PuTTY key (.ppk) to OpenSSH format
2. ✅ Stored key in Vaultwarden as a Secure Note
3. ✅ Documented server list with usernames
**Why this is critical:**
- **Unblocks ALL troubleshooting** (Ghost, Paymenter, Pterodactyl, game servers)
- Enables real-time debugging without waiting for Michael
- Secure credential sharing with Meg (organization setup)
- Foundation for operational efficiency
---
**Current state:** SSH key exists but only on Michael's local machines
**After completion:** Key accessible via Vaultwarden to authorized team members
## HOW THIS WORKS
**Reality Check:** Claude cannot access Vaultwarden directly. There's no API integration.
**The workflow for future sessions:**
1. Michael retrieves key from Vaultwarden (`vault.firefrostgaming.com`)
2. Michael uploads the `firefrost_key` file to Claude session
3. Claude saves it and uses it for SSH access
**This is fast** — takes 30 seconds to grab from Vaultwarden and upload.
---
## KEY LOCATION IN VAULTWARDEN
**Item Name:** `Firefrost SSH Key (All Servers)`
**Type:** Note
**Contents:** OpenSSH private key + server list
---
## SERVERS USING THIS KEY
**All six Firefrost servers use the SAME SSH key:**
1. **Ghost VPS** (64.50.188.14, Chicago) — Login as `architect`
2. **Billing VPS** (38.68.14.188) — Paymenter, Mailcow
3. **Panel VPS** (45.94.168.138) — Pterodactyl Panel
4. **Command Center** (63.143.34.217, Dallas) — Gitea, automation
5. **TX1 Dallas** (38.68.14.26, 251GB RAM) — Wings, Plane, Dify
6. **NC1 Charlotte** (216.239.104.130, 251GB RAM) — Wings
**Key name:** `Firefrost_key.ppk` (PuTTY format)
**Algorithm:** ssh-rsa
**Format:** PuTTY Private Key File version 3
| Server | IP | Username |
|--------|-----|----------|
| Wiki VPS | 64.50.188.14 | `architect` |
| Services VPS | 38.68.14.188 | `root` |
| Panel VPS | 45.94.168.138 | `root` |
| Command Center | 63.143.34.217 | `root` |
| TX1 Dallas | 38.68.14.26 | `root` |
| NC1 Charlotte | 216.239.104.130 | `root` |
---
## KEY FILE FORMATS
## FOR CHRONICLERS: HOW TO USE SSH
**Two formats needed:**
**When Michael provides the key file:**
### 1. PuTTY Format (.ppk)
- **For:** Windows users using PuTTY
- **File:** `Firefrost_key.ppk`
- **Current location:** Uploaded to operations manual session
- **Usage:** Load in PuTTY → Connection → SSH → Auth → Private key file
### 2. OpenSSH Format (no extension or .pem)
- **For:** Linux/macOS users, Claude sessions with computer use
- **File:** `firefrost_key` (no extension) or `firefrost_key.pem`
- **Needs conversion:** Use PuTTYgen to convert .ppk → OpenSSH
- **Usage:** `ssh -i ~/.ssh/firefrost_key user@server`
---
## STEP-BY-STEP: CONVERT & STORE KEY
### Step 1: Convert PuTTY Key to OpenSSH Format (Windows)
**Using PuTTYgen:**
1. Download PuTTYgen (comes with PuTTY installer)
2. Open PuTTYgen
3. Click **Load** → Select `Firefrost_key.ppk`
4. Enter passphrase if prompted
5. Click **Conversions** menu → **Export OpenSSH key**
6. Save as `firefrost_key` (no extension)
7. **Important:** Also save public key via **Save public key** button
**Using puttygen command line (Linux/WSL):**
```bash
puttygen Firefrost_key.ppk -O private-openssh -o firefrost_key
chmod 600 firefrost_key
# Save the key
mkdir -p ~/.ssh
cp /mnt/user-data/uploads/firefrost_key ~/.ssh/firefrost_key
chmod 600 ~/.ssh/firefrost_key
# Test connection
ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
```
### Step 2: Log into Vaultwarden
**Quick commands for each server:**
```bash
# Wiki VPS (login as architect, not root!)
ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
1. Go to: **https://vault.firefrostgaming.com** (or whatever Vaultwarden URL is)
2. Log in with Michael's account
3. Navigate to vault
# Services VPS
ssh -i ~/.ssh/firefrost_key root@38.68.14.188
### Step 3: Create "Firefrost SSH Key" Secure Note
# Panel VPS
ssh -i ~/.ssh/firefrost_key root@45.94.168.138
**Click:** New Item → **Secure Note**
# Command Center
ssh -i ~/.ssh/firefrost_key root@63.143.34.217
**Fields to fill:**
- **Name:** `Firefrost SSH Key (All Servers)`
- **Folder:** Create/select "Infrastructure" folder
- **Notes:**
# TX1 Dallas
ssh -i ~/.ssh/firefrost_key root@38.68.14.26
```
SSH Private Key for all Firefrost servers (6 servers, same key)
Servers:
- Ghost VPS (64.50.188.14) - Login as: architect
- Billing VPS (38.68.14.188) - Login as: root
- Panel VPS (45.94.168.138) - Login as: root
- Command Center (63.143.34.217) - Login as: root
- TX1 Dallas (38.68.14.26) - Login as: root
- NC1 Charlotte (216.239.104.130) - Login as: root
Format: PuTTY (.ppk) and OpenSSH
Algorithm: ssh-rsa
Created: [Date key was created]
```
**Attachments:**
- Upload `Firefrost_key.ppk` (PuTTY format)
- Upload `firefrost_key` (OpenSSH format)
- Upload `firefrost_key.pub` (public key for reference)
### Step 4: Set Permissions
**Organization setup (if sharing with Meg):**
1. Create organization: "Firefrost Operations"
2. Add Meg to organization
3. Share "Firefrost SSH Key" item with organization
4. Set permissions: Meg can view/use but not delete
**Or keep personal:**
- Leave in Michael's personal vault
- Share individually when needed
### Step 5: Test Retrieval
**Test that the key works:**
1. Log into Vaultwarden
2. Open "Firefrost SSH Key" item
3. Download the OpenSSH format key
4. Save to `~/.ssh/firefrost_key`
5. Set permissions: `chmod 600 ~/.ssh/firefrost_key`
6. Test SSH: `ssh -i ~/.ssh/firefrost_key architect@64.50.188.14`
7. Should connect to Ghost VPS without password
### Step 6: Document in Ops Manual
Update `docs/core/infrastructure-manifest.md`:
```markdown
## SSH Access
**All servers use the same SSH key:**
- Key name: Firefrost SSH Key
- Storage: Vaultwarden (Infrastructure folder)
- Formats: PuTTY (.ppk) and OpenSSH
- Retrieval: vault.firefrostgaming.com → "Firefrost SSH Key (All Servers)"
**To use:**
1. Download key from Vaultwarden
2. Save to ~/.ssh/firefrost_key
3. chmod 600 ~/.ssh/firefrost_key
4. ssh -i ~/.ssh/firefrost_key user@server
# NC1 Charlotte
ssh -i ~/.ssh/firefrost_key root@216.239.104.130
```
---
## USAGE INSTRUCTIONS (For Future Chroniclers)
## KEY DETAILS
### For Computer Use Sessions (Claude):
**When Claude needs SSH access:**
1. Michael retrieves key from Vaultwarden
2. Michael provides key via file upload to session
3. Claude saves to `/home/claude/.ssh/firefrost_key`
4. Claude sets permissions: `chmod 600 /home/claude/.ssh/firefrost_key`
5. Claude can now SSH: `ssh -i ~/.ssh/firefrost_key user@server`
**Server-specific usernames:**
- Ghost VPS: `ssh -i ~/.ssh/firefrost_key architect@64.50.188.14`
- All others: `ssh -i ~/.ssh/firefrost_key root@[server-ip]`
### For Meg (Team Access):
**If shared via organization:**
1. Log into Vaultwarden
2. Go to Organizations → Firefrost Operations
3. Find "Firefrost SSH Key (All Servers)"
4. Download appropriate format (PuTTY or OpenSSH)
5. Use with SSH client
- **Format:** OpenSSH (RSA)
- **Passphrase:** None
- **Original format:** PuTTY (.ppk)
- **Conversion done:** April 4, 2026
---
## SECURITY CONSIDERATIONS
### ✅ DO:
- Store in Vaultwarden with strong master password
- Use 2FA on Vaultwarden account
- Set proper file permissions (600) on downloaded keys
- Delete key from download folder after moving to .ssh/
- Use organization for team sharing (audit trail)
### ❌ DON'T:
- Commit SSH private key to Git (operations manual or any repo)
- Send key via email/Discord/Slack
- Store key in plain text files
- Leave key in ~/Downloads or desktop
- Share master Vaultwarden password
### If Key is Compromised:
1. Generate new SSH key pair immediately
2. Update `~/.ssh/authorized_keys` on all 6 servers
3. Revoke old key from all servers
4. Update Vaultwarden with new key
5. Notify team of key rotation
---
## VERIFICATION CHECKLIST
After completing this task:
- [ ] PuTTY key (.ppk) converted to OpenSSH format
- [ ] Both formats uploaded to Vaultwarden
- [ ] Secure note created with server details
- [ ] Permissions set (organization or personal)
- [ ] Test retrieval successful
- [ ] Test SSH connection to at least one server
- [ ] `docs/core/infrastructure-manifest.md` updated
- [ ] Task #14 marked COMPLETE in tasks.md
---
## SUCCESS CRITERIA
**SSH key stored in Vaultwarden**
**Both formats available** (PuTTY and OpenSSH)
**Future Chroniclers can retrieve key** without asking Michael
**Meg has access** (if organization setup complete)
**Test connection successful** to at least one server
**Documentation updated** in infrastructure manifest
---
## BLOCKS / UNBLOCKS
**This task blocks:**
- Nothing — can be done independently
**This task unblocks:**
- All future SSH troubleshooting sessions
- Ghost CMS debugging (log access, config edits)
- Paymenter troubleshooting (database access)
- Pterodactyl Panel fixes
- Game server administration via CLI
- Real-time production debugging
**Impact:** FOUNDATIONAL — Makes all future server work 10x easier
---
## RELATED TASKS
- Task #52: Ghost CMS homepage (may need SSH debugging)
- Task #42: Paymenter configuration (may need SSH access)
- All server administration tasks
---
## TECHNICAL NOTES
**PuTTY vs OpenSSH formats:**
- PuTTY (.ppk): Windows SSH client format
- OpenSSH: Linux/macOS standard format
- **NOT COMPATIBLE** — must convert between them
- **Both needed** for cross-platform team access
**Key algorithm:** ssh-rsa (older but widely supported)
**Security:** Private key should be protected with passphrase (verify if set)
**File permissions matter:**
- Too open (644, 755): SSH will reject the key
- Correct (600): Owner read/write only
- Command: `chmod 600 ~/.ssh/firefrost_key`
---
## NEXT STEPS AFTER COMPLETION
1. Mark Task #14 COMPLETE
2. Update infrastructure manifest with retrieval instructions
3. Test key access from fresh session (verify documentation)
4. Consider key rotation schedule (annually?)
5. Document key passphrase location (if exists)
---
**Created by:** The Guide (Chronicler #35)
**Date:** March 20, 2026
**Priority:** TIER 0 — Do this BEFORE soft launch content work
**Why:** Foundation before expansion — can't troubleshoot effectively without SSH access
**Fire + Frost + Foundation = Where Love Builds Legacy** 🔥❄️