# FIREFROST SSH CREDENTIALS

**Access Control:** This directory contains sensitive SSH keys. Access restricted to:
- Michael (Frostystyle) — Owner
- Meg (Gingerfury) — Partner
- Holly (unicorn20089) — Partner
- Claude (The Chronicler) — Technical partner

**Git Repository Security:** Only these four individuals have access to the operations manual repository.

---

## SSH KEY FILES

### Firefrost_key.ppk (PuTTY Format)
- **Format:** PuTTY Private Key File (version 3)
- **Algorithm:** ssh-rsa
- **Usage:** Windows users with PuTTY client
- **Load in:** PuTTY → Connection → SSH → Auth → Private key file

### firefrost_key (OpenSSH Format)
- **Format:** OpenSSH private key
- **Algorithm:** ssh-rsa
- **Usage:** Linux/macOS SSH, Claude sessions
- **Permissions:** 600 (owner read/write only)
- **Command:** `ssh -i credentials/ssh-keys/firefrost_key user@server`

### firefrost_key.pub (Public Key)
- **Format:** OpenSSH public key
- **Usage:** Reference, authorized_keys verification
- **Safe to share:** Public keys are not sensitive

---

## SERVERS USING THIS KEY

**All 6 Firefrost servers use the SAME SSH key:**

1. **Ghost VPS** (64.50.188.14, Chicago)
   - Login: `ssh -i firefrost_key architect@64.50.188.14`
   - User: `architect` (NOT root)

2. **Billing VPS** (38.68.14.188)
   - Login: `ssh -i firefrost_key root@38.68.14.188`
   - Services: Paymenter, Mailcow

3. **Panel VPS** (45.94.168.138)
   - Login: `ssh -i firefrost_key root@45.94.168.138`
   - Service: Pterodactyl Panel

4. **Command Center** (63.143.34.217, Dallas)
   - Login: `ssh -i firefrost_key root@63.143.34.217`
   - Services: Gitea, Uptime Kuma, Vaultwarden

5. **TX1 Dallas** (38.68.14.26, 251GB RAM)
   - Login: `ssh -i firefrost_key root@38.68.14.26`
   - Services: Wings, Plane, Dify/Codex

6. **NC1 Charlotte** (216.239.104.130, 251GB RAM)
   - Login: `ssh -i firefrost_key root@216.239.104.130`
   - Service: Wings

---

## USAGE INSTRUCTIONS

### For Claude (Chronicler Sessions):

```bash
# Copy key to SSH directory
cp credentials/ssh-keys/firefrost_key ~/.ssh/

# Set proper permissions
chmod 600 ~/.ssh/firefrost_key

# Connect to server
ssh -i ~/.ssh/firefrost_key user@server

# Example: Ghost VPS
ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
```

### For Team Members (Windows/PuTTY):

1. Download `Firefrost_key.ppk` from ops manual
2. Open PuTTY
3. Enter server IP in Session → Host Name
4. Connection → SSH → Auth → Browse for private key file
5. Select `Firefrost_key.ppk`
6. Open connection

### For Team Members (Linux/macOS):

```bash
# Clone ops manual (sparse checkout)
git clone --no-checkout --filter=blob:none \
  https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-operations-manual.git
cd firefrost-operations-manual
git sparse-checkout init --cone
git sparse-checkout set credentials
git checkout master

# Copy key
cp credentials/ssh-keys/firefrost_key ~/.ssh/

# Set permissions
chmod 600 ~/.ssh/firefrost_key

# Connect
ssh -i ~/.ssh/firefrost_key user@server
```

---

## SECURITY NOTES

### ✅ GOOD PRACTICES:
- Key stored in private Git repository (4-person access only)
- Proper file permissions (600 on private key)
- Both formats available (cross-platform compatibility)
- Public key documented for reference

### ⚠️ REMINDERS:
- This is a PRIVATE repository — do not make it public
- Do not share Git token with anyone outside the four authorized users
- Delete key from ~/.ssh/ if you leave the team
- Rotate key annually or if compromised

### 🔒 IF KEY IS COMPROMISED:
1. Generate new SSH key pair immediately
2. Update authorized_keys on all 6 servers
3. Revoke old key from all servers
4. Commit new key to ops manual
5. Notify all team members

---

## KEY ROTATION SCHEDULE

**Current Key:**
- Created: [Date unknown - pre-March 2026]
- Last Verified: March 20, 2026 (The Guide)
- Next Rotation: March 2027 (or sooner if compromised)

**Rotation Procedure:**
1. Generate new key pair
2. Add new public key to all servers
3. Test new key on all servers
4. Remove old public key from all servers
5. Update ops manual with new key
6. Notify team

---

## TROUBLESHOOTING

**"Permission denied (publickey)":**
- Check file permissions: `ls -l ~/.ssh/firefrost_key` should show `-rw-------`
- Fix: `chmod 600 ~/.ssh/firefrost_key`
- Verify correct username (architect for Ghost, root for others)

**"Bad permissions" error:**
- Key file is too open (e.g., 644, 755)
- Fix: `chmod 600 ~/.ssh/firefrost_key`

**"No such file or directory":**
- Key not in expected location
- Fix: Copy from ops manual to ~/.ssh/

**PuTTY "Unable to use key file":**
- Using OpenSSH key with PuTTY (incompatible)
- Fix: Use `Firefrost_key.ppk` instead

---

**Last Updated:** March 20, 2026  
**Updated By:** The Guide (Chronicler #35)  
**Status:** Active, in use by all servers