doc: Fetch latest manual

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2026-05-20 10:34:30 +00:00 · 2024-03-25 21:12:40 -04:00 · 2024-03-25 21:12:40 -04:00 · 5a7a0c1268
commit 5a7a0c1268
parent d4dbf27629
6 changed files with 445 additions and 12 deletions
--- a/doc/manual/en/Debian.raw.wiki
+++ b/doc/manual/en/Debian.raw.wiki
@ -13,7 +13,7 @@
 !FreedomBox is a [[DebianPureBlends|pure blend]] of Debian.  This means that all the work on !FreedomBox is available in Debian as packages.  It also means that any machine running Debian can be turned into a !FreedomBox.
-This page describes the process of installing !FreedomBox on a Debian system. Currently, !FreedomBox works in Debian Stable (Bullseye), Testing (Bookworm), and Unstable (Sid).
+This page describes the process of installing !FreedomBox on a Debian system. Currently, !FreedomBox works in Debian Stable (bookworm), Testing (trixie), and Unstable (sid).
 '''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this approach.
@ -29,11 +29,11 @@ Installing !FreedomBox changes your Debian system in many important ways.  This
 After !FreedomBox is fully setup, your system will no longer allow users not belonging to the ''admin'' group to log in to the system via console, secure shell (SSH) or graphical login. This behaviour can be disabled from the [[FreedomBox/Manual/Security|Security]] page. Use the administrator account created during !FreedomBox first boot for console logins and add further user accounts to ''admin'' group, if necessary.
 }}}
-=== Installing on Debian 11 (Bullseye) or newer ===
+=== Installing on Debian 12 (bookworm) or newer ===
 Check the Troubleshooting section below, for any tips or workarounds that might help during the install.
- 1. [[InstallingDebianOn|Install Debian]] 11 (Bullseye), or Unstable (Sid) on your hardware.
+ 1. [[InstallingDebianOn|Install Debian]] 12 (bookworm), or Unstable (sid) on your hardware.
 1. Update your package list.
--- a/doc/manual/en/ReleaseNotes.raw.wiki
+++ b/doc/manual/en/ReleaseNotes.raw.wiki
@ -8,6 +8,40 @@ For more technical details, see the [[https://salsa.debian.org/freedombox-team/f
 The following are the release notes for each !FreedomBox version.
 == FreedomBox 24.7 (2024-03-25) ==
 === Highlights ===
 * package: Don't remove packages of other apps on uninstall
 * samba: Fix Samba not accessible from IPv6 localhost ::1 address
 * system: Organize items into sections
 * users: Add email address field when creating/updating user accounts
 === Other Changes ===
 * actions: Minor refactor to action error logging
 * actions: Move most of the privileged action code to main directory
 * actions: Provide HTML error message with action error
 * backups: Adjust to changes in privileged errors
 * letsencrypt: Remove unnecessary processing of the error messages
 * letsencrypt: Show better error messages
 * letsencrypt: Simplify error warning when certificate revoke fails
 * matrixsynapse: Prevent setup page from being shown during uninstall
 * middleware: Show HTML exception message as extra detail in messages
 * package: Drop special error message handling for package errors
 * samba: Disable nmbd NetBIOS service
 * snapshot: Show better error messages
 * storage: Adjust to changes in privileged errors
 * storage: Show better error message
 * tests: Automatically create pytest marks for apps
 * tests: Merge actions related test files
 * tests: Move test configuration to plinth directory
 * tests: Remove unused fixture for testing actions
 * upgrades: Show better error messages
 * users: Add email address field during first boot
 * views: Fix alignment of close button in error messages
 * views: Implement a utility to easily show error message
 == FreedomBox 24.6 (2024-03-11) ==
 === Highlights ===
--- a/doc/manual/en/SecureShell.raw.wiki
+++ b/doc/manual/en/SecureShell.raw.wiki
@ -40,17 +40,37 @@ The "fbx" user also has superuser privileges via ``sudo``.
 === Logging In ===
-==== Local ====
+==== Who can log in to FreedomBox by SSH? ====
 !FreedomBox administrative users may use SSH to to log in to !FreedomBox. The user 'fbx' is created by !FreedomBox and is an administrative super-user. There are options which allow ordinary users to log in:
 * SSH access can be granted to specific users in the Edit User page by selecting the option, "Remotely login using Secure Shell (SSH) (freedombox-ssh)"
 * SSH access can be granted globally to all users in the SSH configuration page by selecting the, "Allow all users to login remotely," option.
 With a new !FreedomBox you may log in as fbx using ssh, and other ordinary users will be able to log in after adjusting the user or Secure Shell settings above in this section. The root user account will have no password set and will not be able to log in.
 ==== SSH Client Software ====
 SSH client in included in many operating systems including Linux, Microsoft Windows, and Apple MacOS. SSH is included in Chromebooks, but requires some configuration by the user. In most cases you can run SSH from a terminal or command prompt as shown here, using your !FreedomBox hostname or IP address:
 {{{
 $ ssh freedombox.local
 }}}
 If your client computer does not have SSH available, PuTTY is a popular free software client program which complies with the Debian Free Software Guidelines. PuTTY has a graphical interface to remember and manage your SSH connections. See External links below for more information about PuTTY.
 ===== Cockpit as an SSH Alternative =====
 The Cockpit Server Administration Terminal app available from the Cockpit Tools menu is an alternative shell access tool to SSH. Like SSH your connection to a !FreedomBox terminal is secured. Cockpit is a good choice for users who do not wish to enable the SSH server or those who prefer to connect through a web browser. With either tool you will be presented with the !FreedomBox bash command line interface.
 Some users prefer to run SSH instead of, or in addition to, Cockpit. Command shell users tend to like SSH because it's something that they are already using. Users with Linux or Unix system administration experience tend to rely on this connection method because it is a simpler service which is thought to be more likely to be available if problems arise.
 Refer to the Let's Encrypt and Cockpit sections of this manual to configure Cockpit and SSL certificates for security.
 ==== SSH over Local Network ====
 To login via SSH, to your !FreedomBox:
 {{{
-$ ssh fbx@freedombox
+$ ssh fbx@freedombox.local
 }}}
-Replace `fbx` with the name of the user you wish to login as.  `freedombox` should be replaced with the hostname or IP address of you !FreedomBox device as found in the [[FreedomBox/Manual/QuickStart|Quick Start]] process.
+Replace `fbx` with the name of the user you wish to login as.  `freedombox` should be replaced with the hostname or IP address of you !FreedomBox device as found in the [[FreedomBox/Manual/QuickStart|Quick Start]] process. 
 `fbx` is the default user present on !FreedomBox with superuser privileges.  Any other user created using !FreedomBox and belonging to the group `admin` will be able to login.  The `root` account has no password set and will not be able to login.  Access will be denied to all other users.
 `fbx` and users in `admin` group will also be able to login on the terminal directly.  Other users will be denied access.
@ -145,11 +165,150 @@ $ passwd
 This will ask you for your current password before giving you the opportunity to set a new one.
 === SSH Keys ===
 The next step for SSH security and convenience is to understand and use ssh keys. If you logged in to !FreedomBox the first time using ssh following the instructions above you specified a username and password to log in. In this section you'll learn about Server Fingerprints and host keys, authorized keys, and reasons to use these to make connection easier and more secure.
 By default SSH is configured to prefer to use keys while still allowing you to use a username and password to log in. At the end of this section you will be able to:
 * Connect to !FreedomBox and know that you are connecting to the right computer.
 * Connect instantly without giving a username and password.
 * Further improve the security of your !FreedomBox by disabling SSH password authentication.
 ==== SSH Public and Private Keys ====
 SSH keys are generated in pairs called a key pair. There is a public key and a private key for each key pair. The public key encrypts data which can only be read using the private key, and the private key encrypts data which can only be read using the public key. This is called an asymmetric cryptography system. SSH will distribute your public keys automatically to the other connected system while keeping your private keys safe. 
 Using SSH keys creates a powerful set of security features:
 * You are assured that you are connected to your !FreedomBox.
 * Nobody will be able to read or modify your ssh communication to !FreedomBox. 
 * The !FreedomBox SSH server will know you are the remote user connected.
 * Nobody will be able to read or modify your ssh communication from !FreedomBox.
 * Connection is automatic with no username or password.
 * Your !FreedomBox can block any password guessing attack.
 ==== Create your personal SSH keys on your client computer using ssh-keygen ====
 You will create an SSH key pair on your client computer. We'll use the defaults and will not specify a password. Just press the Enter key when you are prompted for an SSH key password. This is very simple using the ssh-keygen command with no arguments. Here is how to run the command and a sample of the output the ssh-keygen program will give to you:
 {{{
 $ ssh-keygen
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/username/.ssh/id_rsa): 
 Created directory '/home/username/.ssh'.
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/username/.ssh/id_rsa
 Your public key has been saved in /home/username/.ssh/id_rsa.pub
 The key fingerprint is:
 SHA256:nHcTP5DBKxBOgt8BFMyb2QUs//t8ge+8vw2zjOuE71U username@clientpc
 The key's randomart image is:
 +---[RSA 3072]----+
 |     ==++o ..    |
 |    . +++ . .o   |
 |     . O.+  +.   |
 |      =.+.. .+   |
 |        S...o.o E|
 |         ..o...o |
 |          ....+. |
 |          .+ =o+.|
 |           +O+*++|
 +----[SHA256]-----+
 }}}
 That's all you need to do. You now have a personal SSH key pair on your client computer.
 ==== Verify your FreedomBox Server Fingerprint ====
 On your first time connecting to !FreedomBox using ssh you may have noticed a message similar to this:
 {{{
 $ ssh fbx@freedombox.local
 The authenticity of host 'freedombox.local (192.168.1.4)' can't be established.
 ED25519 key fingerprint is SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E.
 This key is not known by any other names.
 Are you sure you want to continue connecting (yes/no/[fingerprint])? 
 }}}
 There are a few things to understand about this message:
 * SSH is telling you that you have never connected to this server before and SSH cannot guarantee that this server is safe for you to use.
 * You have an opportunity to tell SSH that this new server is known to you and safe to use by indicating, 'yes.'  
 * SSH has received an encryption key to communicate securely with this server (even if we're not certain which with server we're communicating with).
 * SSH is giving you a piece of information that you will use to confirm that the remote SSH server is in fact your !FreedomBox.
 Go to !FreedomBox in your web browser. Click on the System menu, and then Secure Shell. The second section of this page is, Server Fingerprints. There is an ED25519 key entry on this page:
 ||'''Algorithm'''||'''Fingerprint'''||
 ||RSA||SHA256:ZGvgdxiDEpGKdw82Z6z0QRmDpT3Vgi07Ghba5IBJ4tQ||
 ||ECDSA||SHA256:BLMMfPxNHpHF0sqCazAwE6ONdLtMY+W2yrgjP7AeXcQ||
 ||ED25519||SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E||
 Compare the ED25519 fingerprint on the !FreedomBox Secure Shell page with the ED25519 fingerprint received by the ssh client in the first-connection example above. If these fingerprints are the same then you may be confident that you are connecting to your !FreedomBox.
 If you'd like to walk through these steps but you have already made the first connection, you can reset that. Issue this command on your ssh client computer.
 {{{
 $ ssh-keygen -R freedombox.local
 }}}
 This removes the record of your known connection to !FreedomBox. Now open your Secure Shell system configuration page on !FreedomBox to the Server Fingerprints section. Next connect to !FreedomBox with your ssh client and properly verify the server fingerprint before indicating yes to the host authenticity question. Having done this correctly you can be certain that when you make an SSH connection to !FreedomBox you are connecting to your server.
 Each time you connect to a new SSH server you will be given the opportunity to verify the server fingerprint. If you connect to !FreedomBox using different names or IP address (local IP, DNS name, Pagekite name, TOR .onion address...) you will be asked once for each name or address, but the fingerprint will not change.
 Your server fingerprints are not private information. The fingerprint is a summary of a public key shared by the server which is used encrypt information sent to the SSH server. Your server public key is also not private information. You could share fingerprints and public keys with the world and the security of your !FreedomBox will not be diminished.
 ==== Share your personal SSH key with FreedomBox using ssh-copy-id ====
 By now you have a personal key pair, and you have verified the identity of !FreedomBox. !FreedomBox still does not know about your identity, and will ask you for your password when you try to log in by ssh. The ssh-copy-id program will tell !FreedomBox to accept your personal key as your password.
 {{{
 $ ssh-copy-id username@freedombox.local
 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 username@freedombox.local's password: 
 Number of key(s) added: 1
 Now try logging into the machine, with:   "ssh 'username@freedombox.local'"
 and check to make sure that only the key(s) you wanted were added.
 }}}
 This step adds your personal public key to your user account on !FreedomBox. With this step complete the !FreedomBox SSH server will compare the key sent by the client computer with the key stored on !FreedomBox. If these match then you will be logged in without the need to give a password. Try it now:
 {{{
 $ ssh freedombox.local
 Linux freedombox 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
                         .--._    _.--.
                        (     \  /     )
                         \     /\     /
                          \_   \/   _/
                           /        \
                          (    /\    )
                           `--'  `--'
                           FreedomBox
 FreedomBox is a pure blend of Debian GNU/Linux. Web interface is available at
 https://localhost/ . FreedomBox manual is available in /usr/share/doc/freedombox
 and from the web interface.
 The programs included with the Debian GNU/Linux system are free software;
 the exact distribution terms for each program are described in the
 individual files in /usr/share/doc/*/copyright.
 Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
 permitted by applicable law.
 You have new mail.
 Last login: Sun Mar 17 14:27:03 2024 from 192.168.144.101
 username@freedombox:~$
 }}}
 Once you have added your client SSH key to !FreedomBox you will be able to connect using that one key by every method of addressing your !FreedomBox:
 * Local network name
 * Local network IP address
 * ISP Public IP address
 * DNS name if you are using Dynamic DNS
 * Pagekite name if you are using Pagekite
 * TOR .onion address if you are using TOR
 ==== Block SSH password guessing attempts by disabling password authentication ====
 Once you are able to connect to !FreedomBox by ssh using a key and not entering a password you can take a step to improve the security of !FreedomBox. If your !FreedomBox is accessible from the internet you may notice that there are repeated attempts to log in to your !FreedomBox from the internet. A good password is your first line of defense, and !FreedomBox has additional features which protect you from these intrusion attempts. You can stop this nonsense completely by disabling password authentication for Secure Shell.
 Go to your !FreedomBox System menu. Click the Secure Shell configuration link. Look under '''Configuration''' and select, "Disable password authentication"
 [x] Disable password authentication  
 Click the, "Update setup," button and it's done. This will stop all password guessing intrusion attempts using ssh. You can log in using your key, and nobody else will be able to log in by guessing a password.
 === External links ===
 * Debian SSH wiki: https://wiki.debian.org/SSH
 * Upstream project: https://www.openssh.com
 * User documentation: https://www.openssh.com/manual.html
 * PuTTY Client Software: https://www.chiark.greenend.org.uk/~sgtatham/putty/
 ## END_INCLUDE
--- a/doc/manual/es/Debian.raw.wiki
+++ b/doc/manual/es/Debian.raw.wiki
@ -13,7 +13,7 @@
 !FreedomBox is a [[DebianPureBlends|pure blend]] of Debian.  This means that all the work on !FreedomBox is available in Debian as packages.  It also means that any machine running Debian can be turned into a !FreedomBox.
-This page describes the process of installing !FreedomBox on a Debian system. Currently, !FreedomBox works in Debian Stable (Bullseye), Testing (Bookworm), and Unstable (Sid).
+This page describes the process of installing !FreedomBox on a Debian system. Currently, !FreedomBox works in Debian Stable (bookworm), Testing (trixie), and Unstable (sid).
 '''Important:''' Read [[FreedomBox/Hardware|general advice]] about hardware before building a !FreedomBox with this approach.
@ -29,11 +29,11 @@ Installing !FreedomBox changes your Debian system in many important ways.  This
 After !FreedomBox is fully setup, your system will no longer allow users not belonging to the ''admin'' group to log in to the system via console, secure shell (SSH) or graphical login. This behaviour can be disabled from the [[FreedomBox/Manual/Security|Security]] page. Use the administrator account created during !FreedomBox first boot for console logins and add further user accounts to ''admin'' group, if necessary.
 }}}
-=== Installing on Debian 11 (Bullseye) or newer ===
+=== Installing on Debian 12 (bookworm) or newer ===
 Check the Troubleshooting section below, for any tips or workarounds that might help during the install.
- 1. [[InstallingDebianOn|Install Debian]] 11 (Bullseye), or Unstable (Sid) on your hardware.
+ 1. [[InstallingDebianOn|Install Debian]] 12 (bookworm), or Unstable (sid) on your hardware.
 1. Update your package list.
--- a/doc/manual/es/ReleaseNotes.raw.wiki
+++ b/doc/manual/es/ReleaseNotes.raw.wiki
@ -8,6 +8,40 @@ For more technical details, see the [[https://salsa.debian.org/freedombox-team/f
 The following are the release notes for each !FreedomBox version.
 == FreedomBox 24.7 (2024-03-25) ==
 === Highlights ===
 * package: Don't remove packages of other apps on uninstall
 * samba: Fix Samba not accessible from IPv6 localhost ::1 address
 * system: Organize items into sections
 * users: Add email address field when creating/updating user accounts
 === Other Changes ===
 * actions: Minor refactor to action error logging
 * actions: Move most of the privileged action code to main directory
 * actions: Provide HTML error message with action error
 * backups: Adjust to changes in privileged errors
 * letsencrypt: Remove unnecessary processing of the error messages
 * letsencrypt: Show better error messages
 * letsencrypt: Simplify error warning when certificate revoke fails
 * matrixsynapse: Prevent setup page from being shown during uninstall
 * middleware: Show HTML exception message as extra detail in messages
 * package: Drop special error message handling for package errors
 * samba: Disable nmbd NetBIOS service
 * snapshot: Show better error messages
 * storage: Adjust to changes in privileged errors
 * storage: Show better error message
 * tests: Automatically create pytest marks for apps
 * tests: Merge actions related test files
 * tests: Move test configuration to plinth directory
 * tests: Remove unused fixture for testing actions
 * upgrades: Show better error messages
 * users: Add email address field during first boot
 * views: Fix alignment of close button in error messages
 * views: Implement a utility to easily show error message
 == FreedomBox 24.6 (2024-03-11) ==
 === Highlights ===
--- a/doc/manual/es/SecureShell.raw.wiki
+++ b/doc/manual/es/SecureShell.raw.wiki
@ -38,8 +38,39 @@ Hay un script incluído en el programa `freedom-maker` que permite establecer la
 El usuario "fbx" también tiene privilegios de superusuario mediante ``sudo``.
 === Ingresando ===
 ==== ¿Quién puede ingresar a FreedomBox por SSH? ====
-==== Local ====
+Los usuarios administradores de !FreedomBox pueden usar SSH para ingresar. !FreedomBox crea el superusuario 'fbx'. Hay opciones que permiten ingresar a usuarios normales:
 * Se puede otorgar individualmente permiso de acceso por SSH a usuarios concretos en la página Editar Usuario seleccionando la opción ''Ingreso remoto usando Secure Shell (SSH) (freedombox-ssh)''.
 * Se puede otorgar permiso de acceso por SSH en masa a todos los usuarios en la página de configuración de SSH seleccionando la opción ''Permitir el ingreso remoto por SSH a todos los usuarios''.
 En una !FreedomBox nueva puedes ingresar con SSH como fbx y los demás usuarios normales podrán hacerlo tras ajustar sus cuentas o la configuración de la Shell Segura arriba en esta sección.
 La cuenta de usuario root no podrá ingresar al no tener contraseña.
 ==== Software Cliente SSH ====
 Muchos sistemas operativos, incluyendo Linux, Windows de Microsoft y MacOS de Apple incluyen clientes SSH. SSH se incluye en ''Chromebooks'' pero requiere que el usuario lo configure.
 En la mayoría de los casos puedes ejecutar SSH desde la terminal o línea de órdenes como se muestra aquí, usando el nombre de la máquina de !FreedomBox o su dirección IP:
 {{{
 $ ssh freedombox.local
 }}}
 Si tu cliente no tiene SSH disponible, PuTTY es un cliente SSH popular y es software libre conforme a las Directrices de Debian para Software Libre.
 PuTTY tiene una interfaz gráfica para recordar y administrar tus conexiones SSH. Consulta los enlaces externos más abajo para amplisr información acerca de PuTTy.
 ===== Cockpit como alternativa a SSH =====
 La aplicación ''Terminal de Administración de Servidor Cockpit'' disponible en el menú de ''Herramientas Cockpit'' es una herramienta de acceso por terminal alternativa a SSH.
 Como con SSH, su conexión al terminal !FreedomBox esta securizada. Cockpit es una buena opción para usuarios que no quieran habilitar el servidor SSH o que prefieran conectar mediante un navegador web.
 Com ambas herramientas se te presentará el interfaz de línea de órdenes bash de !FreedomBox.
 Algunos usuarios prefieren ejecutar SSH en vez de o junto a Cockpit. Los usuarios de la consola de órdenes suelen preferir SSH porque ya lo usan.
 Los usuarios con experiencia administrando sistemas Linux o Unix suelen preferir este método de conexión porque es un servicio más simple y se cree que es más propenso a permanecer disponible en caso de problemas.
 Para configurar Cockpit y los certificados SSL con seguridad lea las secciones del manual ''Cockpit'' y ''Let's Encrypt'', respectivamente.
 ==== SSL en la Red Local ====
 Para ingresar mediante SSH a tu !FreedomBox:
@ -114,11 +145,186 @@ $ passwd
 Esto te preguntará tu contraseña actual antes de darte la oportunidad de establecer la nueva.
 === Claves SSH ===
 El siguiente paso para mejorar la seguridad y la comodidad es comprender y empleare las claves SSH. Si la primera vez ingresaste a tu !FreedomBox mediante SSH siguiendo las instrucciones anteriores diste un usuario y una contraseña.
 In esta sección aprenderás acerca de huellas de servidor, claves de máquina, claves autorizadas, y los motivos para usarlas securizando la conexión a la vez que la facilitas.
 SSH está configurada por omisión para preferir ingresar con claves mientras te sigue permitiendo emplear un nombre de usuario y contraseña. Al final de esta sección podrás:
 * Conectar a !FreedomBox sabiendo que te conectas al ordenador deseado.
 * Conectar instantáneamente sin tener que dar usuario y contraseña.
 * Mejorar la seguridad de tu !FreedomBox deshabilitando la autenticación a SSH mediante cotraseña.
 ==== Claves SSH Públicas y Privadas ====
 Las claves SSH se generan emparejadas. Cada par par consta de una clave pública y su clave privada correspondiente.
 Cada clave cifra los datos de modo que solo se pueden leer con la otra: lo que cifra la privada solo lo descifra la pública y viceversa.
 Esto se llama sistema de cifrado asimétrico. SSH mantendrá tus claves privadas seguras y comunicará automáticamente tus claves públicas al otro sistema. 
 Empplear claves SSH crea un conjunto potente de características de seguridad:
 * Te aseguran que te conectas a tu !FreedomBox (y no a un impostor).
 * Nadie más podrá leer ni modificar tu comunicación con !FreedomBox. 
 * El servicio SSH de !FreedomBox SSH sabrá que eres tú (y no un impostor) el usuario conectado.
 * Nadie más podrá leer ni modificar la comunicación de !FreedomBox destinada a tí. 
 * La conexión es automática sin nombre de usuario ni contraseña.
 * Tu !FreedomBox puede bloquear cualquier ataque basado en adivinar tu contraseña.
 ==== Crea tus claves SSH personales en tu ordenador cliente usando ssh-keygen ====
 Crearemos un par de claves SSH tu ordenador cliente usando usando valores por omisión y sin dar una contraseña.
 Usa el comando {{{ssh-keygen}}} sin argumentos y cuando se te pida una contraseña introdúcela vacía.
 He aquí un ejemplo:
 {{{
 $ ssh-keygen
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/username/.ssh/id_rsa): 
 Created directory '/home/username/.ssh'.
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/username/.ssh/id_rsa
 Your public key has been saved in /home/username/.ssh/id_rsa.pub
 The key fingerprint is:
 SHA256:nHcTP5DBKxBOgt8BFMyb2QUs//t8ge+8vw2zjOuE71U username@clientpc
 The key's randomart image is:
 +---[RSA 3072]----+
 |     ==++o ..    |
 |    . +++ . .o   |
 |     . O.+  +.   |
 |      =.+.. .+   |
 |        S...o.o E|
 |         ..o...o |
 |          ....+. |
 |          .+ =o+.|
 |           +O+*++|
 +----[SHA256]-----+
 }}}
 Ya tienes un par de claves SSH personales en tu ordenador cliente.
 ==== Verificar la Huella de tu Servidor FreedomBox ====
 La primera vez que te conectes a !FreedomBox se te presentará un mensaje como este:
 {{{
 $ ssh fbx@freedombox.local
 No se puede asegurar la autenticidad de 'freedombox.local (192.168.1.4)'.
 Su huella ED25519 es SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E.
 Esta huella no consta asociada a ningún otro nombre.
 ¿Seguro que quiere conectar (Si/No/[huella])? 
 }}}
 Hay varias partes que hay que entender en este mensaje:
 * SSH te dice que nunca antes has conectado con este servidor por lo que no puede garantizarte que sea seguro.
 * SSH te ofrece la oportunidad de validar este nuevo servidor indicando 'Si'.  
 * SSH ha recibido una clave de cifrado para comunicar con seguridad con este servidor (aunque no tengamos certeza de a qué máquina nos conectamos).
 * SSH te está dando información que usarás para confirmar que el servidor SSH remoto es tu !FreedomBox.
 Vé con tu navegador a !FreedomBox. Entra en el menú de Sistema y luego a Shell Segura. La segunda sección de esta página es Huellas de Servidor y tiene una entrada ED25519:
 ||'''Algoritmo'''||'''Huella'''||
 ||RSA||SHA256:ZGvgdxiDEpGKdw82Z6z0QRmDpT3Vgi07Ghba5IBJ4tQ||
 ||ECDSA||SHA256:BLMMfPxNHpHF0sqCazAwE6ONdLtMY+W2yrgjP7AeXcQ||
 ||ED25519||SHA256:TwJFdepq7OaTXcycoYfYE8/lRtuOxUGCrst0K/RUh4E||
 Compara la huella ED25519 de la página Shell Segura de tu !FreedomBox con la que ha recibido tu cliente SSH en su primera conexión. Si las huellas coinciden puedes confiar que estás conectando con tu !FreedomBox.
 Me gustaría acompañarte a dar estos pasos pero ... ¿ya has realizado tu primera conexión? Puedes reiniciar el proceso con esta orden en el ordenador de tu cliente SSH.
 {{{
 $ ssh-keygen -R freedombox.local
 }}}
 Esto borra el registro de tu conexión a !FreedomBox. Ahora abre la página de configuración de la Shell Segura en !FreedomBox por la sección de Huellas de Servidor.
 A continuación conecta a !FreedomBox con tu cliente SSH y verifica la huella de servidor antes de responder afirmativamente a la pregunta de authenticidad de la máquina.
 Hacer esto correctamente te garantiza que cuando conectes mediante SSH a !FreedomBox te conectas al tuyo (y no a otro).
 Cada vez que te conectes a un servidor SSH nuevo para tí se te dará la oportunidad de verificar su huella.
 Si te conectas a !FreedomBox usando nombres o direcciones IP diferentes (IP local, nombre DNS, nombre Pagekite, dirección .onion para TOR...) se te preguntará una vez por
 cada una pero la huella será siempre la misma.
 Las huellas de tu servidor no son secretas. La huella es una versión resumida de la clave pública que se comparte para que la usen para cifrar la comunicación que se te envía.
 Tu clave pública tampoco es secreta. Podrías publicar las huellas y las claves públicas sin afectar un ápice a la seguridad de tu !FreedomBox.
 ==== Comparte tu clave SSH personal pública con FreedomBox usando ssh-copy-id ====
 Ahora que tienes una clave personal y has verificado la identidad de !FreedomBox, éste sigue sin conocer la tuya y te pedirá una contraseña al intentar ingresar mediante SSH.
 La orden {{{ssh-copy-id}}} le dirá a !FreedomBox que acepte tu clave personal en vez de tu contraseña.
 {{{
 $ ssh-copy-id username@freedombox.local
 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 username@freedombox.local's password: 
 Number of key(s) added: 1
 Now try logging into the machine, with:   "ssh 'username@freedombox.local'"
 and check to make sure that only the key(s) you wanted were added.
 }}}
 Estos pasos emparejan tu clave personal pública a tu cuenta de usuario en !FreedomBox. Al completar este paso el servidor SSH de !FreedomBox comparará la clave que le envía el
 ordenador cliente con la que ha guardado !FreedomBox. Si coinciden ingresarás sin necesidad de introducir una contraseña. Compruébalo ahora:
 {{{
 $ ssh freedombox.local
 Linux freedombox 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
                         .--._    _.--.
                        (     \  /     )
                         \     /\     /
                          \_   \/   _/
                           /        \
                          (    /\    )
                           `--'  `--'
                           FreedomBox
 FreedomBox is a pure blend of Debian GNU/Linux. Web interface is available at
 https://localhost/ . FreedomBox manual is available in /usr/share/doc/freedombox
 and from the web interface.
 The programs included with the Debian GNU/Linux system are free software;
 the exact distribution terms for each program are described in the
 individual files in /usr/share/doc/*/copyright.
 Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
 permitted by applicable law.
 You have new mail.
 Last login: Sun Mar 17 14:27:03 2024 from 192.168.144.101
 username@freedombox:~$
 }}}
 Una vez !FreedomBox conoce tu clave pública podrás conectar usándola sin importar cómo te refieras a !FreedomBox:
 * Nombre en la red local
 * Dirección IP en la red local
 * Dirección IP pública de tu proveedor de internet
 * Nombre DNS, si usas DNS dinámico
 * Nombre Pagekite, si usas Pagekite
 * Dirección .onion, si usas TOR
 ==== Bloquear intentos de adivinar tu contraseña SSH deshabilitando la autenticación mediante contraseña ====
 Cuando ya puedas conectar a !FreedomBox por SSH mediante clave SSH sin introducir contraseña puedes dar otro paso para mejorar la seguridad de !FreedomBox.
 Si tienes tu !FreedomBox accesible desde internet quizá notes que se repiten intentos de ingreso desde internet. Una buena contraseña es tu primera linea de defensa,
 pero !FreedomBox tiene más características para protegerte de estos intentos de intrusión. Puedes atajar por completo este disparate deshabilitando la autenticación
 por contraseña para la Shell Segura.
 En el menú de ''Sistema'' de tu !FreedomBox elige la ''Configuración de Shell Segura'' y debajo de ''Configuración'' selecciona "Deshabilitar autenticación por contraseña":
 [x] Deshabilitar autenticación por contraseña  
 Dale al botón "Actualizar Ajustes". Esto impide cualquier intento de intrusión que quiera adivinar tu contraseña. Podrás ingresar desde este ordenador cliente con tu clave.
 ===== Conculsión acerca de la Huella de Servidor =====
 En esta sección hemos aprendido a encontrar las Huellas de Servidor de la Shell Segura de !FreedomBox.
 Hemos verificado la conexión con !FreedomBox comparando la huella recibida por el cliente SSH con la que hay en el servidor SSH de !FreedomBox.
 Estos pasos solo se necesitan la primera vez que conectamos con !FreedomBox.
 Quizá necesites repetirlos al conectar mediante la dirección IP o los nombres de la máquina en la red local o desde fuera de ella.
 En cada caso recibirás la misma Huella de Servidor que podrás verificar la primera vez.
 === Enlaces externos ===
 * Proyecto original: https://www.openssh.com
 * Documentación de uso: https://www.openssh.com/manual.html
 * Software cliente PuTTY : https://www.chiark.greenend.org.uk/~sgtatham/putty/
 * SSH en el wiki de Debian: https://wiki.debian.org/SSH
 ## END_INCLUDE