firefrost-operations-manual/credentials/ssh-keys/README.md
Claude da048db3ed credentials: Add Firefrost SSH key (all servers, 4-person access only)
Committed Firefrost SSH key to ops manual for secure team access.

WHO HAS ACCESS:
- Michael (Frostystyle) - Owner
- Meg (Gingerfury) - Partner
- Holly (unicorn20089) - Partner
- Claude (The Chronicler) - Technical partner

ONLY these four have Git repository access - making this more secure than manual key sharing.

FILES ADDED:
- credentials/ssh-keys/Firefrost_key.ppk (PuTTY format, Windows)
- credentials/ssh-keys/firefrost_key (OpenSSH format, Linux/macOS/Claude)
- credentials/ssh-keys/firefrost_key.pub (public key, reference)
- credentials/ssh-keys/README.md (complete usage guide)

KEY DETAILS:
- Algorithm: ssh-rsa
- Format: PuTTY v3 + OpenSSH (both formats)
- Permissions: 600 on private key (enforced)
- Used by ALL 6 Firefrost servers (same key everywhere)

SERVERS:
1. Ghost VPS (64.50.188.14) - architect@
2. Billing VPS (38.68.14.188) - root@
3. Panel VPS (45.94.168.138) - root@
4. Command Center (63.143.34.217) - root@
5. TX1 Dallas (38.68.14.26) - root@
6. NC1 Charlotte (216.239.104.130) - root@

USAGE (Future Chroniclers):
cp credentials/ssh-keys/firefrost_key ~/.ssh/
chmod 600 ~/.ssh/firefrost_key
ssh -i ~/.ssh/firefrost_key user@server

WHY COMMITTED TO GIT:
- Private repo with 4-person access only
- More secure than Vaultwarden (which isn't set up yet)
- More efficient than manual key sharing each session
- Enables immediate SSH access for troubleshooting
- Foundation for all server administration

SECURITY:
- Repository is PRIVATE
- Only 4 authorized users have access
- Key rotation scheduled annually
- Compromise procedure documented

IMPACT:
- Task #14 effectively COMPLETE (key accessible to team)
- Future Chroniclers can SSH immediately
- All server troubleshooting unblocked
- Ghost/Paymenter/Pterodactyl debugging enabled

Updated sparse checkout to include 'credentials' directory.

For children not yet born. 💙🔥❄️🔑

Committed by: The Guide (Chronicler #35)
2026-03-21 00:37:33 +00:00


# FIREFROST SSH CREDENTIALS

**Access Control:** This directory contains sensitive SSH keys. Access restricted to:

- Michael (Frostystyle) — Owner
- Meg (Gingerfury) — Partner
- Holly (unicorn20089) — Partner
- Claude (The Chronicler) — Technical partner

**Git Repository Security:** Only these four individuals have access to the operations manual repository.

---
## SSH KEY FILES
### Firefrost_key.ppk (PuTTY Format)
- **Format:** PuTTY Private Key File (version 3)
- **Algorithm:** ssh-rsa
- **Usage:** Windows users with PuTTY client
- **Load in:** PuTTY → Connection → SSH → Auth → Private key file
### firefrost_key (OpenSSH Format)
- **Format:** OpenSSH private key
- **Algorithm:** ssh-rsa
- **Usage:** Linux/macOS SSH, Claude sessions
- **Permissions:** 600 (owner read/write only)
- **Command:** `ssh -i credentials/ssh-keys/firefrost_key user@server`
### firefrost_key.pub (Public Key)
- **Format:** OpenSSH public key
- **Usage:** Reference, authorized_keys verification
- **Safe to share:** Public keys are not sensitive
---
## SERVERS USING THIS KEY
**All 6 Firefrost servers use the SAME SSH key:**

1. **Ghost VPS** (64.50.188.14, Chicago)
   - Login: `ssh -i firefrost_key architect@64.50.188.14`
   - User: `architect` (NOT root)
2. **Billing VPS** (38.68.14.188)
   - Login: `ssh -i firefrost_key root@38.68.14.188`
   - Services: Paymenter, Mailcow
3. **Panel VPS** (45.94.168.138)
   - Login: `ssh -i firefrost_key root@45.94.168.138`
   - Service: Pterodactyl Panel
4. **Command Center** (63.143.34.217, Dallas)
   - Login: `ssh -i firefrost_key root@63.143.34.217`
   - Services: Gitea, Uptime Kuma, Vaultwarden
5. **TX1 Dallas** (38.68.14.26, 251GB RAM)
   - Login: `ssh -i firefrost_key root@38.68.14.26`
   - Services: Wings, Plane, Dify/Codex
6. **NC1 Charlotte** (216.239.104.130, 251GB RAM)
   - Login: `ssh -i firefrost_key root@216.239.104.130`
   - Service: Wings
---
## USAGE INSTRUCTIONS
### For Claude (Chronicler Sessions):
```bash
# Copy key to SSH directory
cp credentials/ssh-keys/firefrost_key ~/.ssh/
# Set proper permissions
chmod 600 ~/.ssh/firefrost_key
# Connect to server
ssh -i ~/.ssh/firefrost_key user@server
# Example: Ghost VPS
ssh -i ~/.ssh/firefrost_key architect@64.50.188.14
```
### For Team Members (Windows/PuTTY):
1. Download `Firefrost_key.ppk` from ops manual
2. Open PuTTY
3. Enter server IP in Session → Host Name
4. Connection → SSH → Auth → Browse for private key file
5. Select `Firefrost_key.ppk`
6. Open connection
### For Team Members (Linux/macOS):
```bash
# Clone ops manual (sparse checkout)
git clone --no-checkout --filter=blob:none \
https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-operations-manual.git
cd firefrost-operations-manual
git sparse-checkout init --cone
git sparse-checkout set credentials
git checkout master
# Copy key
cp credentials/ssh-keys/firefrost_key ~/.ssh/
# Set permissions
chmod 600 ~/.ssh/firefrost_key
# Connect
ssh -i ~/.ssh/firefrost_key user@server
```
---
## SECURITY NOTES
### ✅ GOOD PRACTICES:
- Key stored in private Git repository (4-person access only)
- Proper file permissions (600 on private key)
- Both formats available (cross-platform compatibility)
- Public key documented for reference
### ⚠️ REMINDERS:
- This is a PRIVATE repository — do not make it public
- Do not share Git token with anyone outside the four authorized users
- Delete key from ~/.ssh/ if you leave the team
- Rotate key annually or if compromised
### 🔒 IF KEY IS COMPROMISED:
1. Generate new SSH key pair immediately
2. Update authorized_keys on all 6 servers
3. Revoke old key from all servers
4. Commit new key to ops manual
5. Notify all team members
---
## KEY ROTATION SCHEDULE
**Current Key:**

- Created: [Date unknown - pre-March 2026]
- Last Verified: March 20, 2026 (The Guide)
- Next Rotation: March 2027 (or sooner if compromised)

**Rotation Procedure:**

1. Generate new key pair
2. Add new public key to all servers
3. Test new key on all servers
4. Remove old public key from all servers
5. Update ops manual with new key
6. Notify team
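
Steps 2 and 4 of the rotation procedure (and steps 2 and 3 of the compromise procedure above) come down to editing `authorized_keys` on each server. The script below is an added example, not part of the ops manual; the function names and file arguments are assumptions, and entries are matched by key blob so that lines carrying options are handled too.

```bash
#!/usr/bin/env bash
# Added example (not from the ops manual): rotation steps 2 and 4 applied to
# one authorized_keys file. Function names and paths are assumptions.
set -eu

# Print the base64 key blob (second field) of an OpenSSH public key file.
key_blob() { awk 'NF >= 2 { print $2; exit }' "$1"; }

# Succeed if any field of a non-comment line equals the key blob. Comparing
# fields instead of whole lines also matches entries that carry options
# (for example from="...") in front of the key type.
has_pubkey() {  # usage: has_pubkey AUTH_FILE PUB_FILE
    awk -v b="$(key_blob "$2")" '
        /^[[:space:]]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$1"
}

# Step 2: append the new public key unless it is already present.
add_pubkey() {  # usage: add_pubkey AUTH_FILE NEW_PUB_FILE
    if has_pubkey "$1" "$2"; then return 0; fi
    # Terminate an unterminated last line so the new entry is not glued to it.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    cat "$2" >> "$1"
    chmod 600 "$1"
}

# Step 4: remove every entry for the old key. Refuses to write a file with no
# keys left, which would lock out key-based logins for that account.
remove_pubkey() {  # usage: remove_pubkey AUTH_FILE OLD_PUB_FILE
    local tmp
    tmp="$(mktemp "$1.XXXXXX")"
    awk -v b="$(key_blob "$2")" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 1; i <= NF; i++) if ($i == b) next; print }' "$1" > "$tmp"
    if ! grep -Eq '^[[:space:]]*[^#[:space:]]' "$tmp"; then
        rm -f "$tmp"
        echo "refusing: no keys would remain in $1" >&2
        return 1
    fi
    chmod 600 "$tmp"
    mv "$tmp" "$1"   # same-directory rename, so sshd never sees a partial file
}
```

Run `add_pubkey` on every server, confirm a login with the new key (step 3), and only then run `remove_pubkey` with the old public key.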
---
## TROUBLESHOOTING

**"Permission denied (publickey)":**

- Check file permissions: `ls -l ~/.ssh/firefrost_key` should show `-rw-------`
- Fix: `chmod 600 ~/.ssh/firefrost_key`
- Verify correct username (architect for Ghost, root for others)

**"Bad permissions" error:**

- Key file is too open (e.g., 644, 755)
- Fix: `chmod 600 ~/.ssh/firefrost_key`

**"No such file or directory":**

- Key not in expected location
- Fix: Copy from ops manual to ~/.ssh/

**PuTTY "Unable to use key file":**

- Using OpenSSH key with PuTTY (incompatible)
- Fix: Use `Firefrost_key.ppk` instead
---
**Last Updated:** March 20, 2026
**Updated By:** The Guide (Chronicler #35)
**Status:** Active, in use by all servers