Created comprehensive guide for storing Firefrost SSH key in Vaultwarden.
Task #14: Store Firefrost SSH Key in Vaultwarden
Priority: TIER 0 - FOUNDATIONAL (unblocks all troubleshooting)
Time: 30 minutes
Key Details:
- File: Firefrost_key.ppk (PuTTY format, ssh-rsa, version 3)
- Uploaded by Michael on March 20, 2026
- Used by ALL 6 Firefrost servers (same key everywhere)
- Two formats needed: PuTTY (.ppk) for Windows, OpenSSH for Linux/macOS
Servers Using This Key:
1. Ghost VPS (64.50.188.14) - architect user
2. Billing VPS (38.68.14.188) - root
3. Panel VPS (45.94.168.138) - root
4. Command Center (63.143.34.217) - root
5. TX1 Dallas (38.68.14.26) - root
6. NC1 Charlotte (216.239.104.130) - root
Documentation Includes:
- Step-by-step PuTTY → OpenSSH conversion
- Vaultwarden storage procedure
- Organization setup for Meg (team sharing)
- Usage instructions for future Chroniclers
- Security considerations (DO/DON'T lists)
- File permissions requirements (chmod 600)
- Test connection procedure
- Verification checklist
Why This Matters:
- Unblocks ALL server troubleshooting (Ghost, Paymenter, everything)
- Future Chroniclers can SSH without asking Michael each time
- Enables real-time debugging during sessions
- Foundation for operational efficiency
- Secure team credential sharing
Security:
- Private key NOT committed to Git (security best practice)
- KEY-LOCATION.md documents WHERE key is stored (Vaultwarden)
- Instructions for secure retrieval and usage
Impact: FOUNDATIONAL - Makes all future server work 10x easier
Files:
- docs/tasks/vaultwarden-ssh-setup/README.md (complete guide)
- docs/tasks/vaultwarden-ssh-setup/KEY-LOCATION.md (reference only)
Next Chronicler: Execute Task #14 FIRST in Priority 0 (before skins)
For children not yet born. 💙🔥❄️
Created by: The Guide (Chronicler #35)
Task #14: Store Firefrost SSH Key in Vaultwarden
Status: PENDING
Priority: TIER 0 — FOUNDATIONAL (UNBLOCKS ALL TROUBLESHOOTING)
Time Estimate: 30 minutes
Created: March 20, 2026 (by The Guide, Chronicler #35)
OBJECTIVE
Store the Firefrost SSH private key securely in Vaultwarden so future Chroniclers and team members can access all servers for troubleshooting without needing to ask Michael for the key each time.
Why this is critical:
- Unblocks ALL troubleshooting (Ghost, Paymenter, Pterodactyl, game servers)
- Enables real-time debugging without waiting for Michael
- Secure credential sharing with Meg (organization setup)
- Foundation for operational efficiency
Current state: SSH key exists but only on Michael's local machines
After completion: Key accessible via Vaultwarden to authorized team members
SERVERS USING THIS KEY
All six Firefrost servers use the SAME SSH key:
- Ghost VPS (64.50.188.14, Chicago) — Login as architect
- Billing VPS (38.68.14.188) — Paymenter, Mailcow
- Panel VPS (45.94.168.138) — Pterodactyl Panel
- Command Center (63.143.34.217, Dallas) — Gitea, automation
- TX1 Dallas (38.68.14.26, 251GB RAM) — Wings, Plane, Dify
- NC1 Charlotte (216.239.104.130, 251GB RAM) — Wings
Key name: Firefrost_key.ppk (PuTTY format)
Algorithm: ssh-rsa
Format: PuTTY Private Key File version 3
KEY FILE FORMATS
Two formats needed:
1. PuTTY Format (.ppk)
- For: Windows users using PuTTY
- File: Firefrost_key.ppk
- Current location: Uploaded to operations manual session
- Usage: Load in PuTTY → Connection → SSH → Auth → Private key file
2. OpenSSH Format (no extension or .pem)
- For: Linux/macOS users, Claude sessions with computer use
- File: firefrost_key (no extension) or firefrost_key.pem
- Needs conversion: Use PuTTYgen to convert .ppk → OpenSSH
- Usage: ssh -i ~/.ssh/firefrost_key user@server
STEP-BY-STEP: CONVERT & STORE KEY
Step 1: Convert PuTTY Key to OpenSSH Format (Windows)
Using PuTTYgen:
- Download PuTTYgen (comes with PuTTY installer)
- Open PuTTYgen
- Click Load → Select Firefrost_key.ppk
- Enter passphrase if prompted
- Click Conversions menu → Export OpenSSH key
- Save as firefrost_key (no extension)
- Important: Also save public key via Save public key button
Using puttygen command line (Linux/WSL):
puttygen Firefrost_key.ppk -O private-openssh -o firefrost_key
chmod 600 firefrost_key
Step 2: Log into Vaultwarden
- Go to: https://vault.firefrostgaming.com (or whatever the Vaultwarden URL is)
- Log in with Michael's account
- Navigate to vault
Step 3: Create "Firefrost SSH Key" Secure Note
Click: New Item → Secure Note
Fields to fill:
- Name: Firefrost SSH Key (All Servers)
- Folder: Create/select "Infrastructure" folder
- Notes:
SSH Private Key for all Firefrost servers (6 servers, same key)
Servers:
- Ghost VPS (64.50.188.14) - Login as: architect
- Billing VPS (38.68.14.188) - Login as: root
- Panel VPS (45.94.168.138) - Login as: root
- Command Center (63.143.34.217) - Login as: root
- TX1 Dallas (38.68.14.26) - Login as: root
- NC1 Charlotte (216.239.104.130) - Login as: root
Format: PuTTY (.ppk) and OpenSSH
Algorithm: ssh-rsa
Created: [Date key was created]
Attachments:
- Upload Firefrost_key.ppk (PuTTY format)
- Upload firefrost_key (OpenSSH format)
- Upload firefrost_key.pub (public key for reference)
Step 4: Set Permissions
Organization setup (if sharing with Meg):
- Create organization: "Firefrost Operations"
- Add Meg to organization
- Share "Firefrost SSH Key" item with organization
- Set permissions: Meg can view/use but not delete
Or keep personal:
- Leave in Michael's personal vault
- Share individually when needed
Step 5: Test Retrieval
Test that the key works:
- Log into Vaultwarden
- Open "Firefrost SSH Key" item
- Download the OpenSSH format key
- Save to ~/.ssh/firefrost_key
- Set permissions: chmod 600 ~/.ssh/firefrost_key
- Test SSH: ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
- Should connect to Ghost VPS without password
Step 6: Document in Ops Manual
Update docs/core/infrastructure-manifest.md:
## SSH Access
**All servers use the same SSH key:**
- Key name: Firefrost SSH Key
- Storage: Vaultwarden (Infrastructure folder)
- Formats: PuTTY (.ppk) and OpenSSH
- Retrieval: vault.firefrostgaming.com → "Firefrost SSH Key (All Servers)"
**To use:**
1. Download key from Vaultwarden
2. Save to ~/.ssh/firefrost_key
3. chmod 600 ~/.ssh/firefrost_key
4. ssh -i ~/.ssh/firefrost_key user@server
USAGE INSTRUCTIONS (For Future Chroniclers)
For Computer Use Sessions (Claude):
When Claude needs SSH access:
- Michael retrieves key from Vaultwarden
- Michael provides key via file upload to session
- Claude saves to /home/claude/.ssh/firefrost_key
- Claude sets permissions: chmod 600 /home/claude/.ssh/firefrost_key
- Claude can now SSH: ssh -i ~/.ssh/firefrost_key user@server
Server-specific usernames:
- Ghost VPS: ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
- All others: ssh -i ~/.ssh/firefrost_key root@[server-ip]
For Meg (Team Access):
If shared via organization:
- Log into Vaultwarden
- Go to Organizations → Firefrost Operations
- Find "Firefrost SSH Key (All Servers)"
- Download appropriate format (PuTTY or OpenSSH)
- Use with SSH client
SECURITY CONSIDERATIONS
✅ DO:
- Store in Vaultwarden with strong master password
- Use 2FA on Vaultwarden account
- Set proper file permissions (600) on downloaded keys
- Delete key from download folder after moving to .ssh/
- Use organization for team sharing (audit trail)
❌ DON'T:
- Commit SSH private key to Git (operations manual or any repo)
- Send key via email/Discord/Slack
- Store key in plain text files
- Leave key in ~/Downloads or desktop
- Share master Vaultwarden password
If Key is Compromised:
- Generate new SSH key pair immediately
- Update ~/.ssh/authorized_keys on all 6 servers
- Revoke old key from all servers
- Update Vaultwarden with new key
- Notify team of key rotation
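The authorized_keys update and revocation steps above, as an added example that is not part of the original guide: it removes every entry carrying the old key's blob (whatever comment or options surround it) and adds the replacement once, rewriting the file atomically. The function names and all key material are constructed placeholders; run it on each server against that account's own authorized_keys.

```shell
#!/bin/sh
# Added example: swap a compromised public key for its replacement in one
# authorized_keys file. All key material below is constructed placeholder text.

# Print the base64 key blob (second field) of a one-line .pub file.
pub_blob() { awk '{ print $2; exit }' "$1"; }

# Count the authorized_keys entries that carry the same blob as PUB.
count_key() {   # count_key AUTH_FILE PUB
    awk -v blob="$(pub_blob "$2")" '
        { for (i = 1; i <= NF; i++) if ($i == blob) { n++; break } }
        END { print n + 0 }' "$1"
}

# Remove every entry for OLD_PUB, add NEW_PUB once, replace the file atomically.
rotate_authorized_key() {   # rotate_authorized_key AUTH_FILE OLD_PUB NEW_PUB
    old=$(pub_blob "$2"); new=$(pub_blob "$3")
    [ -n "$old" ] && [ -n "$new" ] || return 2
    tmp=$(mktemp "$1.XXXXXX") || return 2
    # Match on the blob, not the comment: an options prefix or a renamed
    # comment would otherwise let a copy of the old key survive.
    awk -v old="$old" -v new="$new" '
        { for (i = 1; i <= NF; i++) if ($i == old || $i == new) next; print }
    ' "$1" > "$tmp" && cat "$3" >> "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$1"
}

# Constructed demo: one unrelated key, the old key twice (once behind options).
demo_rotation() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAOLDKEYBLOB firefrost' > "$d/old.pub"
    echo 'ssh-rsa AAAANEWKEYBLOB firefrost-rotated' > "$d/new.pub"
    cat > "$d/authorized_keys" <<'EOF'
ssh-rsa AAAAUNRELATEDBLOB backup-job
ssh-rsa AAAAOLDKEYBLOB firefrost
from="192.0.2.10" ssh-rsa AAAAOLDKEYBLOB renamed-copy
EOF
    rotate_authorized_key "$d/authorized_keys" "$d/old.pub" "$d/new.pub" || return 1
    echo "old=$(count_key "$d/authorized_keys" "$d/old.pub")" \
         "new=$(count_key "$d/authorized_keys" "$d/new.pub")" \
         "lines=$(wc -l < "$d/authorized_keys" | tr -d ' ')"
    rm -rf "$d"
}
```

After rotating, `count_key` against the old .pub file should print 0 on every server before the old key is considered revoked.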
VERIFICATION CHECKLIST
After completing this task:
- PuTTY key (.ppk) converted to OpenSSH format
- Both formats uploaded to Vaultwarden
- Secure note created with server details
- Permissions set (organization or personal)
- Test retrieval successful
- Test SSH connection to at least one server
- docs/core/infrastructure-manifest.md updated
- Task #14 marked COMPLETE in tasks.md
SUCCESS CRITERIA
✅ SSH key stored in Vaultwarden
✅ Both formats available (PuTTY and OpenSSH)
✅ Future Chroniclers can retrieve key without asking Michael
✅ Meg has access (if organization setup complete)
✅ Test connection successful to at least one server
✅ Documentation updated in infrastructure manifest
BLOCKS / UNBLOCKS
This task blocks:
- Nothing — can be done independently
This task unblocks:
- All future SSH troubleshooting sessions
- Ghost CMS debugging (log access, config edits)
- Paymenter troubleshooting (database access)
- Pterodactyl Panel fixes
- Game server administration via CLI
- Real-time production debugging
Impact: FOUNDATIONAL — Makes all future server work 10x easier
RELATED TASKS
- Task #52: Ghost CMS homepage (may need SSH debugging)
- Task #42: Paymenter configuration (may need SSH access)
- All server administration tasks
TECHNICAL NOTES
PuTTY vs OpenSSH formats:
- PuTTY (.ppk): Windows SSH client format
- OpenSSH: Linux/macOS standard format
- NOT COMPATIBLE — must convert between them
- Both needed for cross-platform team access
Key algorithm: ssh-rsa (older but widely supported)
Security: Private key should be protected with passphrase (verify if set)
File permissions matter:
- Too open (644, 755): SSH will reject the key
- Correct (600): Owner read/write only
- Command: chmod 600 ~/.ssh/firefrost_key
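A pre-flight check covering the two notes above (file permissions and "verify if set" for the passphrase), as an added example that is not part of the original guide. The function names are hypothetical; the default path is the one this guide uses, and the passphrase test relies on ssh-keygen being installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for a private key downloaded from the vault.

# Print permission bits in octal (GNU stat first, BSD/macOS stat as fallback).
key_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# 0 = no group/other bits set (what OpenSSH requires), 1 = too open, 2 = missing.
key_perms_ok() {
    [ -f "$1" ] || return 2
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# 0 only if the key loads with an EMPTY passphrase, i.e. it is stored unencrypted.
# Non-zero means encrypted, not a readable key, or ssh-keygen is not installed.
key_is_unencrypted() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Tighten permissions if needed, then report on passphrase protection.
check_key() {
    key=${1:-$HOME/.ssh/firefrost_key}
    rc=0
    key_perms_ok "$key" || rc=$?
    case $rc in
        2) echo "missing: $key"; return 2 ;;
        1) echo "too open ($(key_mode "$key")), setting 600"; chmod 600 "$key" ;;
    esac
    # Run after the chmod: ssh-keygen itself refuses keys that are too open.
    if key_is_unencrypted "$key"; then
        echo "WARNING: $key has no passphrase"
        return 1
    fi
    echo "perms ok: $key is mode $(key_mode "$key")"
}

if [ "$#" -gt 0 ]; then check_key "$1"; fi
```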
NEXT STEPS AFTER COMPLETION
- Mark Task #14 COMPLETE
- Update infrastructure manifest with retrieval instructions
- Test key access from fresh session (verify documentation)
- Consider key rotation schedule (annually?)
- Document key passphrase location (if exists)
Created by: The Guide (Chronicler #35)
Date: March 20, 2026
Priority: TIER 0 — Do this BEFORE soft launch content work
Why: Foundation before expansion — can't troubleshoot effectively without SSH access