Frequently Asked Questions

The NearlyFreeSpeech.NET FAQ

Uploading

Q. Can I configure my ssh connection to use a public key?

Yes, but.

Our system does not access your site's filesystem until after you have authenticated yourself. Also, correct authentication depends on both member name and site (since more than one member name may have permission to access a given site and a given member name may be able to access more than one site). Therefore, you cannot place a public key file in your site's filesystem to bypass password authentication.

Instead, we keep a separate keychain for each member. To use an ssh public key, you can add it to your keychain on the profile tab.

Once installed into your membership's keychain, an ssh key will authenticate you for any site you are authorized to access, including your sites and any sites you may have adjunct access to.

Per current best security practices, here are the key types we support:

DSA/DSS ("ssh-dss") keys are not supported at all. DSA is a US government FIPS standard developed by the NSA and intended only for low-security usage. (Read: these keys are probably not secure.)

If you use an RSA key, you must use a client that supports RFC 8332 for SHA-256 (rsa-sha2-256) and SHA-512 (rsa-sha2-512) signatures. As of 2021, our servers no longer accept RSA keys with SHA-1 signatures because they are demonstrably insecure. If you run into that issue, please update your OpenSSH client and/or consider switching to faster, safer Ed25519 keys.
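
A pre-check against the key-type rules above, as an added example (not NearlyFreeSpeech.NET's code). The function names, verdict words and sample key lines are constructed for illustration; on a real system, `client_has_rsa_sha2` can be fed the output of OpenSSH's `ssh -Q sig`.

```shell
#!/bin/sh
# Added example: check keys and client signature support against this FAQ entry.

# Print a verdict for one line of a .pub file ("<type> <base64> [comment]").
classify_key() {
    set -f; set -- $1; set +f          # split the line into fields, no globbing
    case "${1:-}" in
        ''|'#'*)     echo skip ;;            # blank line or comment
        ssh-dss)     echo rejected ;;        # DSA/DSS: not supported at all
        ssh-rsa)     echo needs-rsa-sha2 ;;  # same key works; client must sign with SHA-2
        ssh-ed25519) echo ok ;;
        *)           echo not-covered ;;     # type this FAQ entry does not mention
    esac
}

# Read .pub lines on stdin, print "<verdict> <type>"; return 1 on any rejected type.
audit_keys() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        verdict=$(classify_key "$line")
        if [ "$verdict" = skip ]; then continue; fi
        set -f; set -- $line; set +f
        printf '%s %s\n' "$verdict" "$1"
        if [ "$verdict" = rejected ]; then rc=1; fi
    done
    return "$rc"
}

# Read a client's signature algorithm list on stdin, one name per line,
# and succeed only if both RFC 8332 algorithms named in the FAQ are present.
client_has_rsa_sha2() {
    algs=$(cat)
    for want in rsa-sha2-256 rsa-sha2-512; do
        printf '%s\n' "$algs" | grep -qx -- "$want" || return 1
    done
}

# Constructed sample keychain; the base64 fields are placeholders, not keys.
sample_keys() {
    cat <<'EOF'
# constructed sample
ssh-dss AAAAB3PLACEHOLDER old-laptop
ssh-rsa AAAAB3PLACEHOLDER workstation
ssh-ed25519 AAAAC3PLACEHOLDER phone
EOF
}

sample_keys | audit_keys || echo "at least one key type is rejected"
```

An `ssh-rsa` key file does not need to be regenerated to pass the SHA-2 requirement: RFC 8332 changes the signature algorithm the client uses, not the public key format.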