SSH Public Key

To get easy access to the other matrix plugins (e.g. bridges) and other additional functionality, and to communicate with the OCI containers, you need to have an SSH public key installed on your matrix host server. We use SSH access for the following:

  • matrixctl adduser-jitsi

  • matrixctl deluser-jitsi

Note

If you were already able to run the spantaleev/matrix-docker-ansible-deploy playbook, you have installed the public key before. You are good to go and can skip this chapter.

Note

To get your public key installed, you can use your own playbook as described in the Config File chapter under the [SERVER] section. If you don’t want to write your own playbook, follow this guide.

Check your key pair

Check whether you already have a key pair.

$ ls -la ~/.ssh/id_*.pub
-rw-r--r-- 1 michael users 767 30. Sep 2014  /home/michael/.ssh/id_rsa.pub

If the output looks like the above, you have generated a key pair in the past and you can continue in the section Copy Public Key.

If it looks something like one of the outputs below, continue in the section Generate key pair.

$ ls -la ~/.ssh/id_*.pub
zsh: no matches found: /home/michael/.ssh/id_*.pub
# or
$ ls -la ~/.ssh/id_*.pub
ls: cannot access '/home/michael/.ssh/id_*.pub': No such file or directory

Generate key pair

To generate your key pair run:

$ mkdir ~/.ssh
$ ssh-keygen -t rsa -b 4096 -C "your_email@domain.tld"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:UjqL4jzmuk2YjVqzVHNIay2TShDss5wMHyq3V7ZlI1M your_email@domain.tld
The key's randomart image is:
+---[RSA 4096]----+
|o                |
| o               |
|o   .   .        |
|.+.. = oE        |
|+o=.X *.S        |
|o@o+ *=++        |
|=.O..o.* .       |
|.B++. .          |
|+=*o             |
+----[SHA256]-----+

If it prints something like the output below, you need to install openssh, sshd or openssh-client (depending on your distribution).

$ mkdir ~/.ssh
$ ssh-keygen -t rsa -b 4096 -C "your_email@domain.tld"
bash: ssh-keygen: command not found

On Arch Linux, the installation of openssh would look like:

$ pacman -Sy openssh
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
resolving dependencies...
looking for conflicting packages...

Packages (4) dnssec-anchors-20190629-2  ldns-1.7.1-2  libedit-20191231_3.1-1  openssh-8.2p1-3

Total Download Size:   1.40 MiB
Total Installed Size:  7.31 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 libedit-20191231_3.1-1-x86_64         106.9 KiB   656 KiB/s 00:00 [#####################################] 100%
 dnssec-anchors-20190629-2-any           3.1 KiB  0.00   B/s 00:00 [#####################################] 100%
 ldns-1.7.1-2-x86_64                   435.9 KiB   895 KiB/s 00:00 [#####################################] 100%
 openssh-8.2p1-3-x86_64                884.7 KiB  1355 KiB/s 00:01 [#####################################] 100%
(4/4) checking keys in keyring                                     [#####################################] 100%
(4/4) checking package integrity                                   [#####################################] 100%
(4/4) loading package files                                        [#####################################] 100%
(4/4) checking for file conflicts                                  [#####################################] 100%
(4/4) checking available disk space                                [#####################################] 100%
:: Processing package changes...
(1/4) installing libedit                                           [#####################################] 100%
(2/4) installing dnssec-anchors                                    [#####################################] 100%
(3/4) installing ldns                                              [#####################################] 100%
Optional dependencies for ldns
    libpcap: ldns-dpa tool [installed]
(4/4) installing openssh                                           [#####################################] 100%
Optional dependencies for openssh
    xorg-xauth: X11 forwarding
    x11-ssh-askpass: input passphrase in X
    libfido2: FIDO/U2F support
:: Running post-transaction hooks...
(1/4) Reloading system manager configuration...
 Skipped: Current root is not booted.
 (2/4) Creating temporary files...
[/usr/lib/tmpfiles.d/journal-nocow.conf:26] Failed to resolve specifier: uninitialized /etc detected, skipping
All rules containing unresolvable specifiers will be skipped.
(3/4) Arming ConditionNeedsUpdate...
(4/4) Cleaning up package cache...

Copy Public Key

Now copy your public key to your server:

$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@matrix.domain.tld
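
A pre-flight check to run before ssh-copy-id, given here as an added example that is not part of matrixctl or its documentation. It repeats the Check your key pair step without depending on how the shell treats an unmatched glob, and also verifies that each public key has a private key only its owner can read, since ssh ignores private keys that are readable by group or others. The function name check_keypairs and its status lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of matrixctl).
# Usage: check_keypairs [DIR]     (DIR defaults to ~/.ssh)
#
# Prints one status line per public key found in DIR and returns:
#   0  at least one key pair is usable
#   1  no id_*.pub file exists (go to "Generate key pair")
#   2  public keys exist, but none has a usable private key
check_keypairs() {
    dir=${1:-$HOME/.ssh}
    found=0
    usable=0
    for pub in "$dir"/id_*.pub; do
        # In sh/bash an unmatched glob stays literal (zsh aborts instead),
        # so test for the file rather than trusting the expansion.
        [ -f "$pub" ] || continue
        found=1
        key=${pub%.pub}
        if [ ! -f "$key" ]; then
            echo "MISSING-PRIVATE $pub"
            continue
        fi
        # Accept only owner read (optionally write) and no permission
        # bits for group or others, e.g. mode 600 or 400.
        case $(ls -ldL "$key") in
            -r[w-]-------*)
                echo "OK $pub"
                usable=1
                ;;
            *)
                echo "OPEN-PERMS $key (fix with: chmod 600 $key)"
                ;;
        esac
    done
    [ "$found" -eq 1 ] || return 1
    [ "$usable" -eq 1 ] || return 2
    return 0
}
```

Source the file and call check_keypairs; a return value of 0 means the key reported as OK can be passed to ssh-copy-id -i.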