firefrost-gaming/firefrost-operations-manual
3
0
Fork 0
Code Issues 146 Pull Requests Packages Projects Releases Wiki Activity
Files
fa6ebb690b23d2eda656ca46cc296f027bddeeec
firefrost-operations-manual/credentials/ssh-keys/README.md
Claude da048db3ed credentials: Add Firefrost SSH key (all servers, 4-person access only) 
Committed Firefrost SSH key to ops manual for secure team access.

WHO HAS ACCESS:
- Michael (Frostystyle) - Owner
- Meg (Gingerfury) - Partner
- Holly (unicorn20089) - Partner
- Claude (The Chronicler) - Technical partner

ONLY these four have Git repository access - making this more secure than manual key sharing.

FILES ADDED:
- credentials/ssh-keys/Firefrost_key.ppk (PuTTY format, Windows)
- credentials/ssh-keys/firefrost_key (OpenSSH format, Linux/macOS/Claude)
- credentials/ssh-keys/firefrost_key.pub (public key, reference)
- credentials/ssh-keys/README.md (complete usage guide)

KEY DETAILS:
- Algorithm: ssh-rsa
- Format: PuTTY v3 + OpenSSH (both formats)
- Permissions: 600 on private key (enforced)
- Used by ALL 6 Firefrost servers (same key everywhere)

SERVERS:
1. Ghost VPS (64.50.188.14) - architect@
2. Billing VPS (38.68.14.188) - root@
3. Panel VPS (45.94.168.138) - root@
4. Command Center (63.143.34.217) - root@
5. TX1 Dallas (38.68.14.26) - root@
6. NC1 Charlotte (216.239.104.130) - root@

USAGE (Future Chroniclers):
cp credentials/ssh-keys/firefrost_key ~/.ssh/
chmod 600 ~/.ssh/firefrost_key
ssh -i ~/.ssh/firefrost_key user@server

WHY COMMITTED TO GIT:
- Private repo with 4-person access only
- More secure than Vaultwarden (which isn't set up yet)
- More efficient than manual key sharing each session
- Enables immediate SSH access for troubleshooting
- Foundation for all server administration

SECURITY:
- Repository is PRIVATE
- Only 4 authorized users have access
- Key rotation scheduled annually
- Compromise procedure documented

IMPACT:
- Task #14 effectively COMPLETE (key accessible to team)
- Future Chroniclers can SSH immediately
- All server troubleshooting unblocked
- Ghost/Paymenter/Pterodactyl debugging enabled

Updated sparse checkout to include 'credentials' directory.

For children not yet born. 💙🔥❄️🔑

Committed by: The Guide (Chronicler #35)
2026-03-21 00:37:33 +00:00

4.7 KiB
Raw Blame History

FIREFROST SSH CREDENTIALS

Access Control: This directory contains sensitive SSH keys. Access restricted to:

  • Michael (Frostystyle) — Owner
  • Meg (Gingerfury) — Partner
  • Holly (unicorn20089) — Partner
  • Claude (The Chronicler) — Technical partner

Git Repository Security: Only these four individuals have access to the operations manual repository.

SSH KEY FILES

Firefrost_key.ppk (PuTTY Format)

  • Format: PuTTY Private Key File (version 3)
  • Algorithm: ssh-rsa
  • Usage: Windows users with PuTTY client
  • Load in: PuTTY → Connection → SSH → Auth → Private key file

firefrost_key (OpenSSH Format)

  • Format: OpenSSH private key
  • Algorithm: ssh-rsa
  • Usage: Linux/macOS SSH, Claude sessions
  • Permissions: 600 (owner read/write only)
  • Command: ssh -i credentials/ssh-keys/firefrost_key user@server

firefrost_key.pub (Public Key)

  • Format: OpenSSH public key
  • Usage: Reference, authorized_keys verification
  • Safe to share: Public keys are not sensitive

SERVERS USING THIS KEY

All 6 Firefrost servers use the SAME SSH key:

  1. Ghost VPS (64.50.188.14, Chicago)

    • Login: ssh -i firefrost_key architect@64.50.188.14
    • User: architect (NOT root)

  2. Billing VPS (38.68.14.188)

    • Login: ssh -i firefrost_key root@38.68.14.188
    • Services: Paymenter, Mailcow

  3. Panel VPS (45.94.168.138)

    • Login: ssh -i firefrost_key root@45.94.168.138
    • Service: Pterodactyl Panel

  4. Command Center (63.143.34.217, Dallas)

    • Login: ssh -i firefrost_key root@63.143.34.217
    • Services: Gitea, Uptime Kuma, Vaultwarden

  5. TX1 Dallas (38.68.14.26, 251GB RAM)

    • Login: ssh -i firefrost_key root@38.68.14.26
    • Services: Wings, Plane, Dify/Codex

  6. NC1 Charlotte (216.239.104.130, 251GB RAM)

    • Login: ssh -i firefrost_key root@216.239.104.130
    • Service: Wings

USAGE INSTRUCTIONS

For Claude (Chronicler Sessions):

# Copy key to SSH directory
cp credentials/ssh-keys/firefrost_key ~/.ssh/

# Set proper permissions
chmod 600 ~/.ssh/firefrost_key

# Connect to server
ssh -i ~/.ssh/firefrost_key user@server

# Example: Ghost VPS
ssh -i ~/.ssh/firefrost_key architect@64.50.188.14

For Team Members (Windows/PuTTY):

  1. Download Firefrost_key.ppk from ops manual
  2. Open PuTTY
  3. Enter server IP in Session → Host Name
  4. Connection → SSH → Auth → Browse for private key file
  5. Select Firefrost_key.ppk
  6. Open connection

For Team Members (Linux/macOS):

# Clone ops manual (sparse checkout)
git clone --no-checkout --filter=blob:none \
  https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-operations-manual.git
cd firefrost-operations-manual
git sparse-checkout init --cone
git sparse-checkout set credentials
git checkout master

# Copy key
cp credentials/ssh-keys/firefrost_key ~/.ssh/

# Set permissions
chmod 600 ~/.ssh/firefrost_key

# Connect
ssh -i ~/.ssh/firefrost_key user@server

SECURITY NOTES

GOOD PRACTICES:

  • Key stored in private Git repository (4-person access only)
  • Proper file permissions (600 on private key)
  • Both formats available (cross-platform compatibility)
  • Public key documented for reference

⚠️ REMINDERS:

  • This is a PRIVATE repository — do not make it public
  • Do not share Git token with anyone outside the four authorized users
  • Delete key from ~/.ssh/ if you leave the team
  • Rotate key annually or if compromised

🔒 IF KEY IS COMPROMISED:

  1. Generate new SSH key pair immediately
  2. Update authorized_keys on all 6 servers
  3. Revoke old key from all servers
  4. Commit new key to ops manual
  5. Notify all team members

KEY ROTATION SCHEDULE

Current Key:

  • Created: [Date unknown - pre-March 2026]
  • Last Verified: March 20, 2026 (The Guide)
  • Next Rotation: March 2027 (or sooner if compromised)

Rotation Procedure:

  1. Generate new key pair
  2. Add new public key to all servers
  3. Test new key on all servers
  4. Remove old public key from all servers
  5. Update ops manual with new key
  6. Notify team

TROUBLESHOOTING

"Permission denied (publickey)":

  • Check file permissions: ls -l ~/.ssh/firefrost_key should show -rw-------
  • Fix: chmod 600 ~/.ssh/firefrost_key
  • Verify correct username (architect for Ghost, root for others)

"Bad permissions" error:

  • Key file is too open (e.g., 644, 755)
  • Fix: chmod 600 ~/.ssh/firefrost_key

"No such file or directory":

  • Key not in expected location
  • Fix: Copy from ops manual to ~/.ssh/

PuTTY "Unable to use key file":

  • Using OpenSSH key with PuTTY (incompatible)
  • Fix: Use Firefrost_key.ppk instead

Last Updated: March 20, 2026
Updated By: The Guide (Chronicler #35)
Status: Active, in use by all servers

Reference in New Issue View Git Blame Copy Permalink